Windows Analysis Report
ihost.exe

Overview

General Information

Sample name: ihost.exe
Analysis ID: 1574330
MD5: 13668221cfd8f509eb078b7105c6fda8
SHA1: bac34153380deb0edc8be94748cca4d33403d1c9
SHA256: 629685e2ed92a4edb187851977c066471a418d7917590360e48128e5cc3f1988
Tags: exegithub-com--hombozuser-JAMESWT_MHT
Infos:

Detection

Python Stealer, Muck Stealer
Score: 72
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Multi AV Scanner detection for submitted file
Yara detected Muck Stealer
Found pyInstaller with non standard icon
Yara detected Generic Python Stealer
Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • ihost.exe (PID: 7356 cmdline: "C:\Users\user\Desktop\ihost.exe" MD5: 13668221CFD8F509EB078B7105C6FDA8)
    • ihost.exe (PID: 7420 cmdline: "C:\Users\user\Desktop\ihost.exe" MD5: 13668221CFD8F509EB078B7105C6FDA8)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_MuckStealer | Yara detected Muck Stealer | Joe Security |
Process Memory Space: ihost.exe PID: 7420 | JoeSecurity_GenericPythonStealer | Yara detected Generic Python Stealer | Joe Security |
Process Memory Space: ihost.exe PID: 7420 | JoeSecurity_MuckStealer | Yara detected Muck Stealer | Joe Security |

No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: https://discord.gift/, Avira URL Cloud: Label: malware
Source: ihost.exe, ReversingLabs: Detection: 63%
        Source: C:\Users\user\Desktop\ihost.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
        Source: ihost.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: ihost.exe, 00000001.00000002.2968629591.00007FFE01377000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: ihost.exe, 00000001.00000002.2964545540.00007FFDFB19A000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: ihost.exe, 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982433690.00007FFE148E4000.00000002.00000001.01000000.0000000B.sdmp, _wmi.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ihost.exe, 00000000.00000003.1722467980.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2980668762.00007FFE11EE4000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: ihost.exe, 00000001.00000002.2964545540.00007FFDFB102000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ihost.exe, 00000000.00000003.1722467980.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2980668762.00007FFE11EE4000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: ihost.exe, 00000001.00000002.2964545540.00007FFDFB19A000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: ihost.exe, 00000000.00000003.1722705259.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982295909.00007FFE130C5000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: ihost.exe, 00000001.00000002.2979509677.00007FFE11BB3000.00000002.00000001.01000000.00000012.sdmp, select.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: ihost.exe, 00000001.00000002.2980030383.00007FFE11EB3000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2981469027.00007FFE120C6000.00000002.00000001.01000000.0000000F.sdmp, _hashlib.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2976569860.00007FFE1025B000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2978841983.00007FFE117E3000.00000002.00000001.01000000.00000015.sdmp, _uuid.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: ihost.exe, 00000001.00000002.2976040932.00007FFE0EC52000.00000002.00000001.01000000.0000000D.sdmp, pyexpat.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982137982.00007FFE12E13000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2976569860.00007FFE1025B000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2978628585.00007FFE1151D000.00000002.00000001.01000000.00000009.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982433690.00007FFE148E4000.00000002.00000001.01000000.0000000B.sdmp, _wmi.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2977149701.00007FFE10309000.00000002.00000001.01000000.00000011.sdmp, _socket.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: ihost.exe, 00000001.00000002.2976185593.00007FFE101DF000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: ihost.exe, 00000001.00000002.2960429456.0000026647760000.00000002.00000001.01000000.00000006.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: ihost.exe, 00000001.00000002.2965312033.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: ihost.exe, 00000000.00000003.1722705259.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982295909.00007FFE130C5000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: D:\a\1\b\libssl-3.pdb source: ihost.exe, 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: ihost.exe, 00000001.00000002.2975802539.00007FFE0EC0E000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA092F0 FindFirstFileExW,FindClose,0_2_00007FF62AA092F0
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA083B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF62AA083B0
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA218E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF62AA218E4
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FF62AA092F0 FindFirstFileExW,FindClose,1_2_00007FF62AA092F0
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FF62AA083B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF62AA083B0
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FF62AA218E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF62AA218E4
        Source: Joe Sandbox View IP Address: 162.159.136.232
        Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
        Source: global traffic DNS traffic detected: DNS query: discord.com
        Source: ihost.exe, 00000001.00000002.2962896418.000002664AD34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://.../back.jpeg
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961157352.00000266496CA000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962652670.000002664A6A2000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
        Source: ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.dig
        Source: ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.dig5$=9
        Source: ihost.exe, 00000000.00000002.2960349148.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digi
        Source: ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digi5$=9
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000002.2960349148.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
        Source: ihost.exe, 00000001.00000003.1771652900.00000266497A5000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961157352.00000266496CA000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1775389687.000002664979D000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1771367923.00000266497A5000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
        Source: ihost.exe, 00000001.00000003.1771307971.0000026649B7B000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961157352.0000026649600000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://code.activestate.com/recipes/577916/
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
        Source: ihost.exe, 00000001.00000002.2960964088.0000026649327000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961157352.0000026649600000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649DDD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl2.
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649B8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crl0
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/SGCA.crlp
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649B8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.securetrust.com/STCA.crl0
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.xrampsecurity.com/XGCA.crlf
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000002.2960349148.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
        Source: _hashlib.pyd.0.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961157352.00000266496CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
        Source: ihost.exe, 00000001.00000002.2962652670.000002664A6A2000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
        Source: ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
        Source: ihost.exe, 00000001.00000002.2962896418.000002664AD34000.00000004.00001000.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962996062.000002664AE64000.00000004.00001000.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961157352.00000266496CA000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962896418.000002664AD20000.00000004.00001000.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962517012.000002664A62F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
        Source: ihost.exe, 00000001.00000002.2962896418.000002664AD34000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
        Source: ihost.exe, 00000001.00000003.1771307971.0000026649B2C000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962038618.0000026649F00000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://docs.python.org/library/itertools.html#recipes
        Source: ihost.exe, 00000001.00000002.2962113575.000002664A000000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar.tar.gz
        Source: ihost.exe, 00000001.00000002.2962113575.000002664A000000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://foo/bar.tgz
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649B8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://google.com/mail/
        Source: ihost.exe, 00000001.00000002.2961157352.00000266496CA000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://i.instagram.com/api/v1/users/web_profile_info/?username=
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.accv.es0
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es2m-
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000002.2960349148.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://ocsp.digicert.com0A
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000002.2960349148.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA91F000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
        Source: ihost.exe, 00000001.00000002.2961965633.0000026649E00000.00000004.00001000.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962038618.0000026649F00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/U
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/U9
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/j
        Source: ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D28000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
        Source: ihost.exe, 00000001.00000002.2962996062.000002664AE90000.00000004.00001000.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962996062.000002664AE6C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
        Source: ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
        Source: ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html5297
        Source: ihost.exe, 00000001.00000002.2962782638.000002664A750000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htmQ
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
        Source: LICENSE0.0.drString found in binary or memory: http://www.apache.org/licenses/
        Source: LICENSE0.0.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
        Source: ihost.exe, 00000001.00000002.2961965633.0000026649E00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649DDD000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649DDD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0g
        Source: ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _wmi.pyd.0.dr, _uuid.pyd.0.dr, _decimal.pyd.0.dr, libffi-8.dll.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
        Source: ihost.exe, 00000001.00000002.2961157352.00000266496CA000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962517012.000002664A62F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
        Source: ihost.exe, 00000001.00000003.1774875859.0000026649B8E000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1773629757.0000026649B8E000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2960964088.0000026649327000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1775457269.0000026649B8F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps8
        Source: ihost.exe, 00000001.00000002.2962782638.000002664A750000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
        Source: ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649CB3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://aliexpress.com)
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://amazon.com)
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.gofile.io/getServer
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://api19-va.tiktokv.com/aweme/v1/user/profile/self/?
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://binance.com)
        Source: METADATA0.0.drString found in binary or memory: https://blog.jaraco.com/skeleton
        Source: ihost.exe, 00000001.00000002.2962260983.000002664A210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1086668425797058691/1113770559688413245/app.asar
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/attachments/1135684724585681039/1143224080603037827/app.asar
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://cdn.discordapp.com/avatars/
        Source: _cffi_backend.cp313-win_amd64.pyd.0.drString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://coinbase.com)
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://crunchyroll.com)
        Source: ihost.exe, 00000000.00000003.1728412821.00000194DA915000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io
        Source: METADATA.0.drString found in binary or memory: https://cryptography.io/
        Source: ihost.exe, 00000000.00000003.1728412821.00000194DA915000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
        Source: ihost.exe, 00000000.00000003.1728412821.00000194DA915000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
        Source: ihost.exe, 00000000.00000003.1728412821.00000194DA915000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com)
        Source: ihost.exe, 00000001.00000002.2963484652.000002664B00C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/users/
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v6/guilds/
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v6/users/
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/v9/users/
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.com/api/webhooks/1267176433306829014/YhEVi7QXrkO9uMJodvR8Fp2e6uTZlqxB6sVXodhGTQI4MPs
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.gg/
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discord.gift/
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://discordapp.com/api/v6/users/
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://disney.com)
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
        Source: ihost.exe, 00000001.00000002.2961075061.0000026649500000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://docs.python.org/3/howto/mro.html.
        Source: ihost.exe, 00000001.00000002.2960671411.0000026649030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
        Source: ihost.exe, 00000001.00000002.2960671411.0000026649030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
        Source: ihost.exe, 00000001.00000002.2960671411.00000266490B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
        Source: ihost.exe, 00000001.00000002.2960671411.0000026649030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
        Source: ihost.exe, 00000001.00000002.2960671411.00000266490B4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
        Source: ihost.exe, 00000001.00000002.2960671411.0000026649030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
        Source: ihost.exe, 00000001.00000002.2960671411.0000026649030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
        Source: ihost.exe, 00000001.00000002.2960671411.0000026649030000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
        Source: ihost.exe, 00000001.00000002.2960964088.00000266492CB000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1756891660.00000266492F8000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1751930750.00000266492F2000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1755985881.00000266492F2000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1753418565.00000266492F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
        Source: METADATA0.0.drString found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
        Source: METADATA0.0.drString found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://ebay.com)
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://epicgames.com)
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://expressvpn.com)
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
        Source: ihost.exe, 00000001.00000002.2962260983.000002664A210000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://geolocation-db.com/jsonp/
        Source: ihost.exe, 00000001.00000002.2962038618.0000026649F00000.00000004.00001000.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1774642645.0000026649728000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1771367923.0000026649728000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1771652900.0000026649728000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com)
        Source: ihost.exe, 00000001.00000002.2961469073.0000026649CE4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
        Source: ihost.exe, 00000001.00000002.2960964088.00000266492CB000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1756891660.00000266492F8000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1751930750.00000266492F2000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1755985881.00000266492F2000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1753418565.00000266492F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
        Source: METADATA0.0.drString found in binary or memory: https://github.com/astral-sh/ruff
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/frankxrs
        Source: ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/frankxrs/
        Source: ihost.exe, 00000001.00000002.2962113575.000002664A000000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
        Source: ihost.exe, 00000001.00000002.2962184134.000002664A100000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/platformdirs/platformdirs
        Source: ihost.exe, 00000001.00000002.2962896418.000002664AD34000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
        Source: ihost.exe, 00000000.00000003.1728412821.00000194DA915000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/pyca/cryptography
        Source: unknown. Network traffic detected: HTTP traffic on port 443 -> 49731
        Source: unknown. Network traffic detected: HTTP traffic on port 49731 -> 443
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF199B901_2_00007FFDFF199B90
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF193C101_2_00007FFDFF193C10
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF242BF01_2_00007FFDFF242BF0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1ACC401_2_00007FFDFF1ACC40
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1ECC401_2_00007FFDFF1ECC40
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1CCC591_2_00007FFDFF1CCC59
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF222C401_2_00007FFDFF222C40
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF23FB101_2_00007FFDFF23FB10
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1FBB001_2_00007FFDFF1FBB00
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1E6B401_2_00007FFDFF1E6B40
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1F4B201_2_00007FFDFF1F4B20
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1B99A01_2_00007FFDFF1B99A0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF19FA101_2_00007FFDFF19FA10
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1D58801_2_00007FFDFF1D5880
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF19288E1_2_00007FFDFF19288E
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF24A8601_2_00007FFDFF24A860
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2488D01_2_00007FFDFF2488D0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF19A8C01_2_00007FFDFF19A8C0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2418A01_2_00007FFDFF2418A0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1F29501_2_00007FFDFF1F2950
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1A69301_2_00007FFDFF1A6930
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2027E61_2_00007FFDFF2027E6
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1FC8401_2_00007FFDFF1FC840
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1948201_2_00007FFDFF194820
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1EE6701_2_00007FFDFF1EE670
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1F06C01_2_00007FFDFF1F06C0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2496C01_2_00007FFDFF2496C0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2186B01_2_00007FFDFF2186B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2077501_2_00007FFDFF207750
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1945701_2_00007FFDFF194570
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1BE5C01_2_00007FFDFF1BE5C0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1C15A01_2_00007FFDFF1C15A0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1B45A01_2_00007FFDFF1B45A0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1EB5B01_2_00007FFDFF1EB5B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1A36501_2_00007FFDFF1A3650
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2374601_2_00007FFDFF237460
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1994D01_2_00007FFDFF1994D0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2354A01_2_00007FFDFF2354A0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1DA5101_2_00007FFDFF1DA510
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1AC3801_2_00007FFDFF1AC380
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2043B01_2_00007FFDFF2043B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2472C01_2_00007FFDFF2472C0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1DF2D01_2_00007FFDFF1DF2D0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2542B01_2_00007FFDFF2542B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2362A01_2_00007FFDFF2362A0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1AD2B01_2_00007FFDFF1AD2B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1A92B01_2_00007FFDFF1A92B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF23A3101_2_00007FFDFF23A310
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF21A3001_2_00007FFDFF21A300
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1BD3101_2_00007FFDFF1BD310
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1932F51_2_00007FFDFF1932F5
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1BF2F01_2_00007FFDFF1BF2F0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1F73501_2_00007FFDFF1F7350
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1973361_2_00007FFDFF197336
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1A21E01_2_00007FFDFF1A21E0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1B22501_2_00007FFDFF1B2250
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF23B2301_2_00007FFDFF23B230
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2370601_2_00007FFDFF237060
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF2480B01_2_00007FFDFF2480B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF21E0F01_2_00007FFDFF21E0F0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1941201_2_00007FFDFF194120
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE00761D931_2_00007FFE00761D93
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007616FE1_2_00007FFE007616FE
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007687201_2_00007FFE00768720
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE0076116D1_2_00007FFE0076116D
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007989201_2_00007FFE00798920
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007D88701_2_00007FFE007D8870
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007616181_2_00007FFE00761618
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE00761EE21_2_00007FFE00761EE2
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007626171_2_00007FFE00762617
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE00761A0F1_2_00007FFE00761A0F
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE0076149C1_2_00007FFE0076149C
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007DAC801_2_00007FFE007DAC80
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE00761B541_2_00007FFE00761B54
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE00761CBC1_2_00007FFE00761CBC
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE0076117C1_2_00007FFE0076117C
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007627021_2_00007FFE00762702
        Source: C:\Users\user\Desktop\ihost.exe Code function: String function: 00007FFDFF19A500 appears 179 times
        Source: C:\Users\user\Desktop\ihost.exe Code function: String function: 00007FFDFF199340 appears 136 times
        Source: C:\Users\user\Desktop\ihost.exe Code function: String function: 00007FFE00761325 appears 239 times
        Source: C:\Users\user\Desktop\ihost.exe Code function: String function: 00007FF62AA02710 appears 104 times
        Source: C:\Users\user\Desktop\ihost.exe Code function: String function: 00007FFE007DD341 appears 639 times
        Source: C:\Users\user\Desktop\ihost.exe Code function: String function: 00007FFE007DD32F appears 174 times
        Source: C:\Users\user\Desktop\ihost.exe Code function: String function: 00007FF62AA02910 appears 34 times
        Source: C:\Users\user\Desktop\ihost.exe Code function: String function: 00007FFDFF1C1E20 appears 33 times
        Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
        Source: python3.dll.0.dr Static PE information: No import functions for PE file found
        Source: ihost.exe, 00000000.00000003.1724663873.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_decimal.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1722467980.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_asyncio.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_multiprocessing.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_overlapped.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1722705259.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1724366130.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1725639052.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs ihost.exe
        Source: ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs ihost.exe
        Source: ihost.exe Binary or memory string: OriginalFilename vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2976227205.00007FFE101EC000.00000002.00000001.01000000.00000019.sdmp Binary or memory string: OriginalFilename_sqlite3.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2982540320.00007FFE148E8000.00000002.00000001.01000000.0000000B.sdmp Binary or memory string: OriginalFilename_wmi.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2967409536.00007FFDFF2F8000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: OriginalFilenamesqlite3.dll0 vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2979021444.00007FFE117E5000.00000002.00000001.01000000.00000015.sdmp Binary or memory string: OriginalFilename_uuid.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2981789067.00007FFE120CD000.00000002.00000001.01000000.0000000F.sdmp Binary or memory string: OriginalFilename_hashlib.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2982176830.00007FFE12E16000.00000002.00000001.01000000.0000000E.sdmp Binary or memory string: OriginalFilename_queue.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2979829763.00007FFE11BB6000.00000002.00000001.01000000.00000012.sdmp Binary or memory string: OriginalFilenameselect.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2980349693.00007FFE11EBE000.00000002.00000001.01000000.00000007.sdmp Binary or memory string: OriginalFilename_ctypes.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2978694604.00007FFE11522000.00000002.00000001.01000000.00000009.sdmp Binary or memory string: OriginalFilename_bz2.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2968910768.00007FFE0137C000.00000002.00000001.01000000.00000018.sdmp Binary or memory string: OriginalFilenameunicodedata.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2960429456.0000026647760000.00000002.00000001.01000000.00000006.sdmp Binary or memory string: OriginalFilenamepython3.dll. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp Binary or memory string: OriginalFilenamelibsslH vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2982352572.00007FFE130C9000.00000002.00000001.01000000.0000000C.sdmp Binary or memory string: OriginalFilenamevcruntime140_1.dllT vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2980988571.00007FFE11EEA000.00000002.00000001.01000000.00000005.sdmp Binary or memory string: OriginalFilenamevcruntime140.dllT vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2977461244.00007FFE10313000.00000002.00000001.01000000.00000011.sdmp Binary or memory string: OriginalFilename_socket.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2976100199.00007FFE0EC5E000.00000002.00000001.01000000.0000000D.sdmp Binary or memory string: OriginalFilenamepyexpat.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2976696898.00007FFE10263000.00000002.00000001.01000000.0000000A.sdmp Binary or memory string: OriginalFilename_lzma.pyd. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2964940369.00007FFDFB244000.00000002.00000001.01000000.00000010.sdmp Binary or memory string: OriginalFilenamelibcryptoH vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2967008179.00007FFDFB8A0000.00000002.00000001.01000000.00000004.sdmp Binary or memory string: OriginalFilenamepython313.dll. vs ihost.exe
        Source: ihost.exe, 00000001.00000002.2975958143.00007FFE0EC2A000.00000002.00000001.01000000.00000013.sdmp Binary or memory string: OriginalFilename_ssl.pyd. vs ihost.exe
        Source: classification engine Classification label: mal72.troj.winEXE@3/93@1/1
        Source: C:\Users\user\Desktop\ihost.exe File created: C:\Users\user\AppData\Local\Temp\_MEI73562
        Source: ihost.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
        Source: C:\Users\user\Desktop\ihost.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: SELECT action_url, username_value, password_value FROM logins;
        Source: ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
        Source: ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
        Source: ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
        Source: ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
        Source: ihost.exe, ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
        Source: ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
        Source: ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
        Source: ihost.exe ReversingLabs: Detection: 63%
        Source: C:\Users\user\Desktop\ihost.exe File read: C:\Users\user\Desktop\ihost.exe
        Source: unknown Process created: C:\Users\user\Desktop\ihost.exe "C:\Users\user\Desktop\ihost.exe"
        Source: C:\Users\user\Desktop\ihost.exe Process created: C:\Users\user\Desktop\ihost.exe "C:\Users\user\Desktop\ihost.exe"
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: version.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: vcruntime140.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: libffi-8.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: propsys.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: vcruntime140_1.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: libcrypto-3.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: iphlpapi.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: libssl-3.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: mswsock.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: sqlite3.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: dnsapi.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: rasadhlp.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: fwpuclnt.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: uxtheme.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: textshaping.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: kernel.appcore.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: textinputframework.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: coreuicomponents.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: ntmarta.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: coremessaging.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: wintypes.dll
        Source: C:\Users\user\Desktop\ihost.exe Section loaded: wintypes.dll
        Source: ihost.exe Static PE information: Image base 0x140000000 > 0x60000000
        Source: ihost.exe Static file information: File size 17124652 > 1048576
        Source: ihost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
        Source: ihost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
        Source: ihost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
        Source: ihost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: ihost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
        Source: ihost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
        Source: ihost.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
        Source: ihost.exe Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
        Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: ihost.exe, 00000001.00000002.2968629591.00007FFE01377000.00000002.00000001.01000000.00000018.sdmp
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: ihost.exe, 00000001.00000002.2964545540.00007FFDFB19A000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: ihost.exe, 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb(('GCTL source: ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982433690.00007FFE148E4000.00000002.00000001.01000000.0000000B.sdmp, _wmi.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: ihost.exe, 00000000.00000003.1725207384.00000194DA912000.00000004.00000020.00020000.00000000.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: ihost.exe, 00000000.00000003.1722467980.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2980668762.00007FFE11EE4000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: ihost.exe, 00000001.00000002.2964545540.00007FFDFB102000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: ihost.exe, 00000000.00000003.1722467980.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2980668762.00007FFE11EE4000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\sqlite3.pdb source: ihost.exe, 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp
        Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: ihost.exe, 00000001.00000002.2964545540.00007FFDFB19A000.00000002.00000001.01000000.00000010.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: ihost.exe, 00000000.00000003.1725120588.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdb source: ihost.exe, 00000000.00000003.1722705259.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982295909.00007FFE130C5000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: ihost.exe, 00000001.00000002.2979509677.00007FFE11BB3000.00000002.00000001.01000000.00000012.sdmp, select.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: ihost.exe, 00000001.00000002.2980030383.00007FFE11EB3000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: ihost.exe, 00000000.00000003.1724843124.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2981469027.00007FFE120C6000.00000002.00000001.01000000.0000000F.sdmp, _hashlib.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2976569860.00007FFE1025B000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_uuid.pdb source: ihost.exe, 00000000.00000003.1725799642.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2978841983.00007FFE117E3000.00000002.00000001.01000000.00000015.sdmp, _uuid.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: ihost.exe, 00000001.00000002.2976040932.00007FFE0EC52000.00000002.00000001.01000000.0000000D.sdmp, pyexpat.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: ihost.exe, 00000000.00000003.1725296485.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982137982.00007FFE12E13000.00000002.00000001.01000000.0000000E.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: ihost.exe, 00000000.00000003.1724954646.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2976569860.00007FFE1025B000.00000002.00000001.01000000.0000000A.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: ihost.exe, 00000000.00000003.1723837632.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2978628585.00007FFE1151D000.00000002.00000001.01000000.00000009.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: ihost.exe, 00000000.00000003.1725927762.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982433690.00007FFE148E4000.00000002.00000001.01000000.0000000B.sdmp, _wmi.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: ihost.exe, 00000000.00000003.1725375598.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2977149701.00007FFE10309000.00000002.00000001.01000000.00000011.sdmp, _socket.pyd.0.dr
        Source: Binary string: D:\a\1\b\bin\amd64\_sqlite3.pdb source: ihost.exe, 00000001.00000002.2976185593.00007FFE101DF000.00000002.00000001.01000000.00000019.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: ihost.exe, 00000001.00000002.2960429456.0000026647760000.00000002.00000001.01000000.00000006.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\python313.pdb source: ihost.exe, 00000001.00000002.2965312033.00007FFDFB668000.00000002.00000001.01000000.00000004.sdmp
        Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140_1.amd64.pdbGCTL source: ihost.exe, 00000000.00000003.1722705259.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2982295909.00007FFE130C5000.00000002.00000001.01000000.0000000C.sdmp, VCRUNTIME140_1.dll.0.dr
        Source: Binary string: D:\a\1\b\libssl-3.pdb source: ihost.exe, 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
        Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: ihost.exe, 00000001.00000002.2975802539.00007FFE0EC0E000.00000002.00000001.01000000.00000013.sdmp, _ssl.pyd.0.dr
        Source: ihost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
        Source: ihost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
        Source: ihost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
        Source: ihost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
        Source: ihost.exe Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
        Source: VCRUNTIME140.dll.0.dr Static PE information: 0x78BDDED1 [Sat Mar 11 17:01:05 2034 UTC]
        Source: VCRUNTIME140.dll.0.dr Static PE information: section name: fothk
        Source: VCRUNTIME140.dll.0.dr Static PE information: section name: _RDATA
        Source: libcrypto-3.dll.0.dr Static PE information: section name: .00cfg
        Source: libssl-3.dll.0.dr Static PE information: section name: .00cfg
        Source: python313.dll.0.dr Static PE information: section name: PyRuntim
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FFDFF1D27AE push rsp; iretd 1_2_00007FFDFF1D27B9
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FFDFF1D267D push rbx; retf 1_2_00007FFDFF1D2685
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FFE00784331 push rcx; ret 1_2_00007FFE00784332

        Persistence and Installation Behavior

        Source: C:\Users\user\Desktop\ihost.exeProcess created: "C:\Users\user\Desktop\ihost.exe"
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_BLAKE2b.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_curve25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_ofb.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_ghash_portable.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_cbc.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Math\_modexp.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_multiprocessing.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\select.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_decimal.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_overlapped.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Util\_strxor.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_sqlite3.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_poly1305.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_uuid.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA384.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\unicodedata.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_ed448.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA256.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\VCRUNTIME140.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_ARC4.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_wmi.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_ssl.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_socket.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_aesni.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_lzma.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA224.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_ghash_clmul.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\pyexpat.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_Salsa20.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_hashlib.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA512.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_ed25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_ctr.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_MD5.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Protocol\_scrypt.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\python313.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_ecb.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_aes.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_MD4.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_cfb.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_curve448.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_ocb.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\VCRUNTIME140_1.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_ctypes.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_arc2.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\libcrypto-3.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_asyncio.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_RIPEMD160.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Util\_cpuid_c.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\python3.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_des3.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_BLAKE2s.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\libssl-3.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_MD2.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_des.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\libffi-8.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_ec_ws.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\sqlite3.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_cffi_backend.cp313-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_cast.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_chacha20.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA1.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_keccak.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_bz2.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\cryptography\hazmat\bindings\_rust.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\_queue.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeCode function: 0_2_00007FF62AA05820 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF62AA05820
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFE007A8816 sgdt fword ptr [rax]1_2_00007FFE007A8816
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_BLAKE2b.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_curve25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_ofb.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_ghash_portable.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_multiprocessing.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Math\_modexp.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_cbc.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md.cp313-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\select.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_overlapped.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_decimal.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Util\_strxor.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_sqlite3.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_poly1305.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_uuid.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA384.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\unicodedata.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_ed448.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA256.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_ARC4.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_wmi.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_ssl.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_socket.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_lzma.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_aesni.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_ghash_clmul.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA224.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\pyexpat.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_hashlib.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_Salsa20.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA512.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_ed25519.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_ctr.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_MD5.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\python313.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Protocol\_scrypt.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_ecb.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_aes.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_MD4.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_cfb.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_curve448.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_ocb.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_ctypes.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_arc2.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_asyncio.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_RIPEMD160.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Util\_cpuid_c.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\python3.dllJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_des3.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md__mypyc.cp313-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_BLAKE2s.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_MD2.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_des.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey\_ec_ws.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_cffi_backend.cp313-win_amd64.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_raw_cast.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_chacha20.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_SHA1.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash\_keccak.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_bz2.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\cryptography\hazmat\bindings\_rust.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI73562\_queue.pydJump to dropped file
        Source: C:\Users\user\Desktop\ihost.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-18205
        Source: C:\Users\user\Desktop\ihost.exeAPI coverage: 1.5 %
        Source: C:\Users\user\Desktop\ihost.exeCode function: 0_2_00007FF62AA092F0 FindFirstFileExW,FindClose,0_2_00007FF62AA092F0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 0_2_00007FF62AA083B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF62AA083B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 0_2_00007FF62AA218E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF62AA218E4
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FF62AA092F0 FindFirstFileExW,FindClose,1_2_00007FF62AA092F0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FF62AA083B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF62AA083B0
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FF62AA218E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF62AA218E4
        Source: C:\Users\user\Desktop\ihost.exeCode function: 1_2_00007FFDFF1A1230 GetSystemInfo,1_2_00007FFDFF1A1230
        Source: ihost.exe, 00000000.00000003.1726563619.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
        Source: ihost.exe, 00000001.00000002.2960964088.0000026649327000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
        Source: ihost.exe, 00000001.00000002.2961965633.0000026649E00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: ro.kernel.qemu
        Source: ihost.exe, 00000001.00000002.2961157352.0000026649600000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: ro.kernel.qemur
        Source: ihost.exe, 00000001.00000002.2961965633.0000026649E00000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: dro.kernel.qemu
        Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
        Source: C:\Users\user\Desktop\ihost.exeCode function: 0_2_00007FF62AA0D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF62AA0D19C
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA234F0 GetProcessHeap, 0_2_00007FF62AA234F0
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA0D37C SetUnhandledExceptionFilter, 0_2_00007FF62AA0D37C
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA0D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF62AA0D19C
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA0C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_00007FF62AA0C910
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA1A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_00007FF62AA1A684
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FF62AA0D37C SetUnhandledExceptionFilter, 1_2_00007FF62AA0D37C
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FF62AA0D19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF62AA0D19C
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FF62AA0C910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FF62AA0C910
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FF62AA1A684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00007FF62AA1A684
        Source: C:\Users\user\Desktop\ihost.exe Code function: 1_2_00007FFDFF2C2920 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_00007FFDFF2C2920
        Source: C:\Users\user\Desktop\ihost.exe Process created: C:\Users\user\Desktop\ihost.exe "C:\Users\user\Desktop\ihost.exe"
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA295E0 cpuid 0_2_00007FF62AA295E0
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Hash VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\PublicKey VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Util VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\cryptography-44.0.0.dist-info VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\cryptography-44.0.0.dist-info\licenses VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_ctypes.pyd VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_bz2.pyd VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_lzma.pyd VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_wmi.pyd VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\pyexpat.pyd VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor\jaraco VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_queue.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_hashlib.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\select.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_ssl.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_uuid.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\charset_normalizer\md__mypyc.cp313-win_amd64.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\unicodedata.pyd VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\certifi VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\base_library.zip VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformationJump to behavior
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\setuptools\_vendor VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\Desktop\ihost.exe VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562 VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\_sqlite3.pyd VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Util VolumeInformation
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA0D080 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF62AA0D080
        Source: C:\Users\user\Desktop\ihost.exe Code function: 0_2_00007FF62AA25C70 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF62AA25C70

        Stealing of Sensitive Information

        Source: Yara match File source: 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: ihost.exe PID: 7420, type: MEMORYSTR

        Remote Access Functionality

        Source: Yara match File source: 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: ihost.exe PID: 7420, type: MEMORYSTR
        Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
        Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
        Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
        Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
        Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
        Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Timestomp | LSA Secrets | 23 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
        Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
        Source | Detection | Scanner | Label | Link
        ihost.exe | 63% | ReversingLabs | Win64.Trojan.CrealStealer
        No Antivirus matches
        Source | Detection | Scanner | Label | Link
        https://discord.gift/ | 100% | Avira URL Cloud | malware
        https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages | 0% | Avira URL Cloud | safe
        http://cacerts.digi5$=9 | 0% | Avira URL Cloud | safe
        http://cacerts.dig5$=9 | 0% | Avira URL Cloud | safe
        https://nationsglory.fr/profile/ | 0% | Avira URL Cloud | safe
        http://repository.swisssign.com/j | 0% | Avira URL Cloud | safe
        https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr: | 0% | Avira URL Cloud | safe
        http://repository.swisssign.com/U | 0% | Avira URL Cloud | safe
        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        discord.com | 162.159.136.232 | true | false |  | high
        Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                        high
                                                                                                                                        http://www.accv.es00ihost.exe, 00000001.00000002.2961469073.0000026649D7A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://www.rfc-editor.org/info/rfc7253ihost.exe, 00000001.00000002.2962782638.000002664A750000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962652670.000002664A6D7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://github.com/pyca/cryptography/issuesMETADATA.0.drfalse
                                                                                                                                              high
                                                                                                                                              https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://cacerts.dig5$=9ihost.exe, 00000000.00000003.1723333453.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725482348.00000194DA912000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000000.00000003.1725799642.00000194DA91F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                https://mahler:8092/site-updates.pyihost.exe, 00000001.00000003.1772446551.0000026649BBB000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1775457269.0000026649BBB000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1771595897.0000026649BA4000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649B8E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://tools.ietf.org/html/rfc7231#section-4.3.6)ihost.exe, 00000001.00000003.1773629757.0000026649B2C000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1772446551.0000026649B47000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1772446551.0000026649AF0000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1775433066.0000026649B5A000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1774875859.0000026649B6B000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://cryptography.io/METADATA.0.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://discord.gg/ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        http://www.firmaprofesional.com/cps0ihost.exe, 00000001.00000002.2961157352.00000266496CA000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962517012.000002664A62F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specihost.exe, 00000001.00000002.2960671411.0000026649030000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://netflix.com)ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://github.com/urllib3/urllib3/issues/2920ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://gmail.com)ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://crl.securetrust.com/SGCA.crl0ihost.exe, 00000001.00000002.2961469073.0000026649B8E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_dataihost.exe, 00000001.00000002.2960964088.00000266492CB000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1756891660.00000266492F8000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1751930750.00000266492F2000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1755985881.00000266492F2000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000003.1753418565.00000266492F5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://crl.dhimyotis.com/certignarootca.crl2.ihost.exe, 00000001.00000002.2961469073.0000026649DDD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://www.quovadisglobal.com/cps8ihost.exe, 00000001.00000002.2961469073.0000026649AC0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://outlook.com)ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22METADATA0.0.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://github.com)ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://www.quovadisglobal.com/cps0ihost.exe, 00000001.00000002.2961469073.0000026649A00000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://binance.com)ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://cryptography.io/en/latest/changelog/ihost.exe, 00000000.00000003.1728412821.00000194DA915000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://spotify.com)ihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://mail.python.org/mailman/listinfo/cryptography-devihost.exe, 00000000.00000003.1728412821.00000194DA915000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.ymlihost.exe, 00000001.00000002.2962260983.000002664A210000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://docs.python.org/library/itertools.html#recipesihost.exe, 00000001.00000003.1771307971.0000026649B2C000.00000004.00000020.00020000.00000000.sdmp, ihost.exe, 00000001.00000002.2962038618.0000026649F00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://discord.com/api/users/ihost.exe, 00000001.00000002.2962338835.000002664A310000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://api.gofile.io/getServerihost.exe, 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
IP | Domain | Country | ASN | ASN Name | Malicious
162.159.136.232 | discord.com | United States | 13335 | CLOUDFLARENETUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1574330
Start date and time: 2024-12-13 08:44:28 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 52s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: ihost.exe
Detection: MAL
Classification: mal72.troj.winEXE@3/93@1/1
EGA Information:
• Successful, ratio: 100%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtQueryVolumeInformationFile calls found.
• VT rate limit hit for: ihost.exe
No simulations
Match: 162.159.136.232
Associated Sample Name / URL | Detection | Threat Name | Context
S23UhdW5DH.exe | malicious | LummaC, Glupteba, SmokeLoader, Socks5Systemz, Stealc | discord.com/administrator/index.php

Match: discord.com
Associated Sample Name / URL | Detection | Threat Name | Context
shost.exe | malicious | Python Stealer, Muck Stealer | 162.159.136.232
sppawx.exe | malicious | Blank Grabber | 162.159.135.232
ahost.exe | malicious | Blank Grabber | 162.159.135.232
wsapx.exe | malicious | Blank Grabber | 162.159.136.232
WE8zqotCFj.exe | malicious | Blank Grabber, Umbral Stealer | 162.159.137.232
ozAxx9uGHu.exe | malicious | Blank Grabber, Umbral Stealer | 162.159.136.232
eCXXUk54sx.exe | malicious | Divulge Stealer | 162.159.128.233
apDMcnqqWs.exe | malicious | Unknown | 162.159.138.232
https://github.com/Matty77o/malware-samples-m-h/blob/main/TheTrueFriend.exe | malicious | Unknown | 162.159.135.232
file.exe | malicious | Amadey, AsyncRAT, Credential Flusher, LummaC Stealer, Stealc, StormKitty, VenomRAT | 162.159.128.233
Match: CLOUDFLARENETUS
Associated Sample Name / URL | Detection | Threat Name | Context
shost.exe | malicious | Python Stealer, Muck Stealer | 162.159.136.232
sppawx.exe | malicious | Blank Grabber | 162.159.135.232
ahost.exe | malicious | Blank Grabber | 162.159.135.232
wsapx.exe | malicious | Blank Grabber | 162.159.136.232
main.exe | malicious | Unknown | 104.20.4.235
in.exe | malicious | Babadeda, HTMLPhisher | 104.17.25.14
CVmkXJ7e0a.exe | malicious | SheetRat | 104.16.185.241
naukri-launcher 10.exe | malicious | Unknown | 172.64.41.3
WE8zqotCFj.exe | malicious | Blank Grabber, Umbral Stealer | 162.159.137.232
ozAxx9uGHu.exe | malicious | Blank Grabber, Umbral Stealer | 162.159.136.232
                                                                                                                                                                                                  No context
Match: C:\Users\user\AppData\Local\Temp\_MEI73562\Crypto\Cipher\_ARC4.pyd
Associated Sample Name / URL | Detection | Threat Name
shost.exe | malicious | Python Stealer, Muck Stealer
lz4wnSavmK.exe | malicious | Python Stealer
WVuXCNNYG0.exe | malicious | Python Stealer
dipwo1iToJ.exe | malicious | Python Stealer
ROh2ijuEpr.exe | malicious | Babuk, Conti
zed.exe | malicious | Unknown
back.ps1 | malicious | Unknown
zed.exe | malicious | Unknown
file.exe | malicious | Python Stealer, Amadey, LummaC Stealer, Nymaim, Stealc
file.exe | malicious | Unknown
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):11264
                                                                                                                                                                                                                      Entropy (8bit):4.640339306680604
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:dLklddyTHThob0q/tJRrlDfNYSOcqgYCWt:ZgcdZq/JJD6gRWt
                                                                                                                                                                                                                      MD5:BCD8CAAF9342AB891BB1D8DD45EF0098
                                                                                                                                                                                                                      SHA1:EE7760BA0FF2548F25D764F000EFBB1332BE6D3E
                                                                                                                                                                                                                      SHA-256:78725D2F55B7400A3FCAFECD35AF7AEB253FBC0FFCDF1903016EB0AABD1B4E50
                                                                                                                                                                                                                      SHA-512:8B6FB53AECB514769985EBFDAB1B3C739024597D9C35905E04971D5422256546F7F169BF98F9BAF7D9F42A61CFF3EE7A20664989D3000773BF5EDA10CB3A0C24
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Joe Sandbox View:
• Filename: shost.exe, Detection: malicious
• Filename: lz4wnSavmK.exe, Detection: malicious
• Filename: WVuXCNNYG0.exe, Detection: malicious
• Filename: dipwo1iToJ.exe, Detection: malicious
• Filename: ROh2ijuEpr.exe, Detection: malicious
• Filename: zed.exe, Detection: malicious
• Filename: back.ps1, Detection: malicious
• Filename: zed.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
• Filename: file.exe, Detection: malicious
                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                      Entropy (8bit):5.0194545642425075
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDFhAlcqgcLg:F/k1ACln4lDogcLg
                                                                                                                                                                                                                      MD5:F19CB847E567A31FAB97435536C7B783
                                                                                                                                                                                                                      SHA1:4C8BFE404AF28C1781740E7767619A5E2D2FF2B7
                                                                                                                                                                                                                      SHA-256:1ECE1DC94471D6977DBE2CEEBA3764ADF0625E2203D6257F7C781C619D2A3DAD
                                                                                                                                                                                                                      SHA-512:382DC205F703FC3E1F072F17F58E321E1A65B86BE7D9D6B07F24A02A156308A7FEC9B1A621BA1F3428FD6BB413D14AE9ECB2A2C8DD62A7659776CFFDEBB6374C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                                      Entropy (8bit):5.037456384995606
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDw6a9lkOcqgRGd:p/kpMIodrXbsiDS95gRGd
                                                                                                                                                                                                                      MD5:DC14677EA8A8C933CC41F9CCF2BEDDC1
                                                                                                                                                                                                                      SHA1:A6FB87E8F3540743097A467ABE0723247FDAF469
                                                                                                                                                                                                                      SHA-256:68F081E96AE08617CF111B21EDED35C1774A5EF1223DF9A161C9445A78F25C73
                                                                                                                                                                                                                      SHA-512:3ABA4CFCBBE4B350AB3230D488BD75186427E3AAAF38D19E0E1C7330F16795AD77FB6E26FF39AF29EAF4F5E8C42118CB680F90AFBFCA218AEDA64DC444675BA2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                                      Entropy (8bit):5.09191874780435
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:rMVsiXeqVb0lIb0Pj5Jdfpm68WZDInU282tacqgYLg:rM7ali0Pj5JxCaDuUlgYLg
                                                                                                                                                                                                                      MD5:C09BB8A30F0F733C81C5C5A3DAD8D76D
                                                                                                                                                                                                                      SHA1:46FD3BA87A32D12F4EE14601D1AD73B78EDC81D1
                                                                                                                                                                                                                      SHA-256:8A1B751DB47CE7B1D3BD10BEBFFC7442BE4CFB398E96E3B1FF7FB83C88A8953D
                                                                                                                                                                                                                      SHA-512:691AC74FAE930E9CEABE782567EFB99C50DD9B8AD607DD7F99A5C7DF2FA2BEB7EDFE2EBB7095A72DA0AE24E688FBABD340EAE8B646D5B8C394FEE8DDD5E60D31
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Reputation:moderate, very likely benign file
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):36352
                                                                                                                                                                                                                      Entropy (8bit):6.541423493519083
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                      Entropy (8bit):5.367749645917753
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16384
                                                                                                                                                                                                                      Entropy (8bit):5.41148259289073
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):20992
                                                                                                                                                                                                                      Entropy (8bit):6.041302713678401
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):24576
                                                                                                                                                                                                                      Entropy (8bit):6.530656045206549
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                      Entropy (8bit):4.7080156150187396
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):12800
                                                                                                                                                                                                                      Entropy (8bit):5.159963979391524
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                      Entropy (8bit):5.270418334522813
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:vktJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDZVMcqgnF6+6Lg:vkdU1ID3AdXd49urQPDggnUjLg
                                                                                                                                                                                                                      MD5:C4C525B081F8A0927091178F5F2EE103
                                                                                                                                                                                                                      SHA1:A1F17B5EA430ADE174D02ECC0B3CB79DBF619900
                                                                                                                                                                                                                      SHA-256:4D86A90B2E20CDE099D6122C49A72BAE081F60EB2EEA0F76E740BE6C41DA6749
                                                                                                                                                                                                                      SHA-512:7C06E3E6261427BC6E654B2B53518C7EAA5F860A47AE8E80DC3F8F0FED91E122CB2D4632188DC44123FB759749B5425F426CD1153A8F84485EF0491002B26555
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):56832
                                                                                                                                                                                                                      Entropy (8bit):4.231032526864278
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:0qcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZA21agVF:fEiqHHx4vZDV
                                                                                                                                                                                                                      MD5:F9E266F763175B8F6FD4154275F8E2F0
                                                                                                                                                                                                                      SHA1:8BE457700D58356BC2FA7390940611709A0E5473
                                                                                                                                                                                                                      SHA-256:14D2799BE604CBDC668FDE8834A896EEE69DAE0E0D43B37289FCCBA35CEF29EC
                                                                                                                                                                                                                      SHA-512:EB3E37A3C3FF8A65DEF6FA20941C8672A8197A41977E35AE2DC6551B5587B84C2703758320559F2C93C0531AD5C9D0F6C36EC5037669DC5CE78EB3367D89877B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):57344
                                                                                                                                                                                                                      Entropy (8bit):4.252429732285762
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:J4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZGsURygUX:GEO6CHnX0vZb7
                                                                                                                                                                                                                      MD5:DECF524B2D53FCD7D4FA726F00B3E5FC
                                                                                                                                                                                                                      SHA1:E87C6ED4004F2772B888C5B5758AA75FE99D2F6F
                                                                                                                                                                                                                      SHA-256:58F7053EE70467D3384C73F299C0DFD63EEF9744D61D1980D9D2518974CA92D4
                                                                                                                                                                                                                      SHA-512:EAFF4FD80843743E61CE635FBADF4E5D9CF2C3E97F3C48350BD9E755F4423AC6867F9FE8746BD5C54E1402B18E8A55AEEF7ACA098C7CF4186DC4C1235EB35DF2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                      Entropy (8bit):4.690163963718492
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:Yddz2KTnThIz0qfteRY4zp+D3PLui8p1cqgHCWt:k2E9RqfCXp+D3juRpLgiWt
                                                                                                                                                                                                                      MD5:80BB1E0E06ACAF03A0B1D4EF30D14BE7
                                                                                                                                                                                                                      SHA1:B20CAC0D2F3CD803D98A2E8A25FBF65884B0B619
                                                                                                                                                                                                                      SHA-256:5D1C2C60C4E571B88F27D4AE7D22494BED57D5EC91939E5716AFA3EA7F6871F6
                                                                                                                                                                                                                      SHA-512:2A13AB6715B818AD62267AB51E55CD54714AEBF21EC9EA61C2AEFD56017DC84A6B360D024F8682A2E105582B9C5FE892ECEBD2BEF8A492279B19FFD84BC83FA5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22016
                                                                                                                                                                                                                      Entropy (8bit):6.1215844022564285
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:nUX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8xCkgJrAm:jNbRw8EbxwKBwbD+gLa1nh
                                                                                                                                                                                                                      MD5:3727271FE04ECB6D5E49E936095E95BC
                                                                                                                                                                                                                      SHA1:46182698689A849A8C210A8BF571D5F574C6F5B1
                                                                                                                                                                                                                      SHA-256:3AF5B35DCD5A3B6C7E88CEE53F355AAFFF40F2C21DABD4DE27DBB57D1A29B63B
                                                                                                                                                                                                                      SHA-512:5BED1F4DF678FE90B8E3F1B7C4F68198463E579209B079CB4A40DCAC01CE26AA2417DBE029B196F6F2C6AFAD560E2D1AF9F089ABE37EAD121CA10EE69D9659ED
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17920
                                                                                                                                                                                                                      Entropy (8bit):5.293810509074883
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:4PHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgDQ3iNgnVbwhA:dUOhBcDRogeXOfoTezcio3pUJgDQ3i+
                                                                                                                                                                                                                      MD5:78AEF441C9152A17DD4DC40C7CC9DF69
                                                                                                                                                                                                                      SHA1:6BB6F8426AFA6522E647DFC82B1B64FAF3A9781F
                                                                                                                                                                                                                      SHA-256:56E4E4B156295F1AAA22ECB5481841DE2A9EB84845A16E12A7C18C7C3B05B707
                                                                                                                                                                                                                      SHA-512:27B27E77BE81B29D42359FE28531225383860BCD19A79044090C4EA58D9F98009A254BF63585979C60B3134D47B8233941ABB354A291F23C8641A4961FA33107
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):11776
                                                                                                                                                                                                                      Entropy (8bit):4.862619033406922
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:0Ga+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDULk+VOmWbucX6gR7:PF/1n7Guqaj0ktfEON+bMDUlJcqg0Gd
                                                                                                                                                                                                                      MD5:19E0ABF76B274C12FF624A16713F4999
                                                                                                                                                                                                                      SHA1:A4B370F556B925F7126BF87F70263D1705C3A0DB
                                                                                                                                                                                                                      SHA-256:D9FDA05AE16C5387AB46DC728C6EDCE6A3D0A9E1ABDD7ACB8B32FC2A17BE6F13
                                                                                                                                                                                                                      SHA-512:D03033EA5CF37641FBD802EBEB5019CAEF33C9A78E01519FEA88F87E773DCA92C80B74BA80429B530694DAD0BFA3F043A7104234C7C961E18D48019D90277C8E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                                      Entropy (8bit):5.227045547076371
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:saF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDn4clG6VcqgOvgdd:swGXkFE8Zo+AojO9jZeDf5rgOvgz
                                                                                                                                                                                                                      MD5:309D6F6B0DD022EBD9214F445CAC7BB9
                                                                                                                                                                                                                      SHA1:ABD22690B7AD77782CFC0D2393D0C038E16070B0
                                                                                                                                                                                                                      SHA-256:4FBE188C20FB578D4B66349D50AA6FFE4AB86844FB6427C57738F36780D1E2E2
                                                                                                                                                                                                                      SHA-512:D1951FE92F83E7774E8E877815BED6E6216D56EF18B7F1C369D678CB6E1814243659E9FA7ABC0D22FB5B34A9D50A51D5A89BA00AE1FDD32157FD0FF9902FB4B7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                      Entropy (8bit):5.176369829782773
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:rF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreD2mf1AoxkVcqgOvgXQ:rGXkFE/UW575tA2eDp1Ao2rgOvgX
                                                                                                                                                                                                                      MD5:D54FEB9A270B212B0CCB1937C660678A
                                                                                                                                                                                                                      SHA1:224259E5B684C7AC8D79464E51503D302390C5C9
                                                                                                                                                                                                                      SHA-256:032B83F1003A796465255D9B246050A196488BAC1260F628913E536314AFDED4
                                                                                                                                                                                                                      SHA-512:29955A6569CA6D039B35BB40C56AEEB75FC765600525D0B469F72C97945970A428951BAB4AF9CD21B3161D5BBA932F853778E2674CA83B14F7ABA009FA53566F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):14336
                                                                                                                                                                                                                      Entropy (8bit):5.047563322651927
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:6alCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHD9CIg5kP:5CvHmp3OpnEhmLg9yH8puzoFaPERIQgI
                                                                                                                                                                                                                      MD5:52DCD4151A9177CF685BE4DF48EA9606
                                                                                                                                                                                                                      SHA1:F444A4A5CBAE9422B408420115F0D3FF973C9705
                                                                                                                                                                                                                      SHA-256:D54375DC0652358A6E4E744F1A0EAEEAD87ACCD391A20D6FF324FE14E988A122
                                                                                                                                                                                                                      SHA-512:64C54B89F2637759309ECC6655831C3A6755924ED70CBC51614061542EB9BA9A8AECF6951EB3AB92447247DC4D7D846C88F4957DBBE4484A9AB934343EE27178
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                      Entropy (8bit):5.09893680790018
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:xsiXeqVb0lwbH4P01sAD7I/9hAkwDWzBEbcqgqLg:valqH4M1sAD7KvpwDFtgqLg
                                                                                                                                                                                                                      MD5:F929B1A3997427191E07CF52AC883054
                                                                                                                                                                                                                      SHA1:C5EA5B68586C2FB09E5FDD20D4DD616D06F5CBA6
                                                                                                                                                                                                                      SHA-256:5386908173074FABD95BF269A9DF0A4E1B21C0576923186F449ABF4A820F6A8E
                                                                                                                                                                                                                      SHA-512:2C79DBCE2C21214D979AB86DD989D41A3AFA7FCB7F3B79BA9974E2EE8F832DD7CA20C1C87C0C380DB037D776FE6D0851D60AD55A08AFDE0003B7E59214DD2F3B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15360
                                                                                                                                                                                                                      Entropy (8bit):5.451865349855574
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:KfwogDHER1wuiDSyoGTgDZOviNgEPrLg:ugDHELwuiDScTgDwi+EP
                                                                                                                                                                                                                      MD5:1FA5E257A85D16E916E9C22984412871
                                                                                                                                                                                                                      SHA1:1AC8EE98AD0A715A1B40AD25D2E8007CDC19871F
                                                                                                                                                                                                                      SHA-256:D87A9B7CAD4C451D916B399B19298DC46AAACC085833C0793092641C00334B8E
                                                                                                                                                                                                                      SHA-512:E4205355B647C6E28B7E4722328F51DC2EB3A109E9D9B90F7C53D7A80A5A4B10E40ABDDAB1BA151E73EF3EB56941F843535663F42DCE264830E6E17BB659EADF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13824
                                                                                                                                                                                                                      Entropy (8bit):5.104245335186531
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:3F/1n7Guqaj0kt7/Ev9kt0Qwac6QzD8iD0QocqgI4G0S:nGXkd/EvGt9wacNDvAgI4v
                                                                                                                                                                                                                      MD5:FAD578A026F280C1AE6F787B1FA30129
                                                                                                                                                                                                                      SHA1:9A3E93818A104314E172A304C3D117B6A66BEB55
                                                                                                                                                                                                                      SHA-256:74A1FF0801F4704158684267CD8E123F83FB6334FE522C1890AC4A0926F80AB1
                                                                                                                                                                                                                      SHA-512:ACF8F5B382F3B4C07386505BBDCAF625D13BCC10AA93ED641833E3548261B0AD1063E2F59BE2FCD2AFAF3D315CB3FC5EB629CEFC168B33CFD65A3A6F1120F7FF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):17920
                                                                                                                                                                                                                      Entropy (8bit):5.671305741258107
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:APHoDUntQj0sKhDOJ+0QPSfu6rofDjiZzgE+kbwb:VUOYsKNO466DjoUE+
                                                                                                                                                                                                                      MD5:556E6D0E5F8E4DA74C2780481105D543
                                                                                                                                                                                                                      SHA1:7A49CDEF738E9FE9CD6CD62B0F74EAD1A1774A33
                                                                                                                                                                                                                      SHA-256:247B0885CF83375211861F37B6DD1376AED5131D621EE0137A60FE7910E40F8B
                                                                                                                                                                                                                      SHA-512:28FA0CE6BDBCC5E95B80AADC284C12658EF0C2BE63421AF5627776A55050EE0EA0345E30A15B744FC2B2F5B1B1BBB61E4881F27F6E3E863EBAAEED1073F4CDA1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21504
                                                                                                                                                                                                                      Entropy (8bit):5.878701941774916
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:EJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1OhgkxEv:EcIRnHX1P/YtswvaD1Rk
                                                                                                                                                                                                                      MD5:2F2655A7BBFE08D43013EDDA27E77904
                                                                                                                                                                                                                      SHA1:33D51B6C423E094BE3E34E5621E175329A0C0914
                                                                                                                                                                                                                      SHA-256:C734ABBD95EC120CB315C43021C0E1EB1BF2295AF9F1C24587334C3FCE4A5BE1
                                                                                                                                                                                                                      SHA-512:8AF99ACC969B0E560022F75A0CDCAA85D0BDEADADEACD59DD0C4500F94A5843EA0D4107789C1A613181B1F4E5252134A485EF6B1D9D83CDB5676C5FEE4D49B90
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):21504
                                                                                                                                                                                                                      Entropy (8bit):5.881781476285865
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:EJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD12gkxEv:EcIRnHXfP/YtswvaD1zk
                                                                                                                                                                                                                      MD5:CDE035B8AB3D046B1CE37EEE7EE91FA0
                                                                                                                                                                                                                      SHA1:4298B62ED67C8D4F731D1B33E68D7DC9A58487FF
                                                                                                                                                                                                                      SHA-256:16BEA322D994A553B293A724B57293D57DA62BC7EAF41F287956B306C13FD972
                                                                                                                                                                                                                      SHA-512:C44FDEE5A210459CE4557351E56B2D357FD4937F8EC8EACEAB842FEE29761F66C2262FCBAAC837F39C859C67FA0E23D13E0F60B3AE59BE29EB9D8ABAB0A572BB
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):26624
                                                                                                                                                                                                                      Entropy (8bit):5.837887867708438
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:e839Cc4itui0gel9soFdkO66MlPGXmXcyYDTzks:Ns4u/FZ6nPxMLDvk
                                                                                                                                                                                                                      MD5:999D431197D7E06A30E0810F1F910B9A
                                                                                                                                                                                                                      SHA1:9BFF781221BCFFD8E55485A08627EC2A37363C96
                                                                                                                                                                                                                      SHA-256:AB242B9C9FB662C6F7CB57F7648F33983D6FA3BB0683C5D4329EC2CC51E8C875
                                                                                                                                                                                                                      SHA-512:A5DD92DD471ADB44EEFE5919EF9CA3978724E21174DF5B3A9C1F0AB462F928E5A46A460D02417DB7522F5DE3BFEED5EEE6B1EAFAF3E621722E85E72675F7096F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):26624
                                                                                                                                                                                                                      Entropy (8bit):5.895310340516013
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:lcX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTOvk:a38u/FZ6nPxM3DAk
                                                                                                                                                                                                                      MD5:0931ABBF3AED459B1A2138B551B1D3BB
                                                                                                                                                                                                                      SHA1:9EC0296DDAF574A89766A2EC035FC30073863AB0
                                                                                                                                                                                                                      SHA-256:1729A0DC6B80CB7A3C07372B98B10D3C6C613EA645240878E1FDE6A992FA06F1
                                                                                                                                                                                                                      SHA-512:9F970BB4D10B94F525DDDDE307C7DA5E672BBFB3A3866A34B89B56ADA99476724FD690A4396857182749294F67F36DB471A048789FB715D2A7DAF46917FC1947
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):12800
                                                                                                                                                                                                                      Entropy (8bit):4.967737129255606
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:dMpWt/1nCuqaL0kt7TsEx2fiTgDZqGF0T7cqgkLgJ:k/k1Ts64DDJyBgkLg
                                                                                                                                                                                                                      MD5:5F057A380BACBA4EF59C0611549C0E02
                                                                                                                                                                                                                      SHA1:4B758D18372D71F0AA38075F073722A55B897F71
                                                                                                                                                                                                                      SHA-256:BCB14DAC6C87C24269D3E60C46B49EFFB1360F714C353318F5BBAA48C79EC290
                                                                                                                                                                                                                      SHA-512:E1C99E224745B86EE55822C1DBCB4555A11EC31B72D87B46514917EB61E0258A1C6D38C4F592969C17EB4F0F74DA04BCECA31CF1622720E95F0F20E9631792E8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):13312
                                                                                                                                                                                                                      Entropy (8bit):5.007867576025166
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:bMt/1nCuqaL0ktPH0T7fwtF4zDn2rGacqgRGd:1/kpU3Yv4zDXqgRGd
                                                                                                                                                                                                                      MD5:49BCA1B7DF076D1A550EE1B7ED3BD997
                                                                                                                                                                                                                      SHA1:47609C7102F5B1BCA16C6BAD4AE22CE0B8AEE9E9
                                                                                                                                                                                                                      SHA-256:49E15461DCB76690139E71E9359F7FCF92269DCCA78E3BFE9ACB90C6271080B2
                                                                                                                                                                                                                      SHA-512:8574D7FA133B72A4A8D1D7D9FDB61053BC88C2D238B7AC7D519BE19972B658C44EA1DE433885E3206927C75DD5D1028F74999E048AB73189585B87630F865466
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):15872
                                                                                                                                                                                                                      Entropy (8bit):5.226023387740053
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:rfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDiYIgovg:mcHfRl5pauoSjy5DiE
                                                                                                                                                                                                                      MD5:CB5CFDD4241060E99118DEEC6C931CCC
                                                                                                                                                                                                                      SHA1:1E7FED96CF26C9F4730A4621CA9D18CECE3E0BCE
                                                                                                                                                                                                                      SHA-256:A8F809B6A417AF99B75EEEEA3ECD16BDA153CBDA4FFAB6E35CE1E8C884D899C4
                                                                                                                                                                                                                      SHA-512:8A89E3563C14B81353D251F9F019D8CBF07CB98F78452B8522413C7478A0D77B9ABF2134E4438145D6363CDA39721D2BAE8AD13D1CDACCBB5026619D95F931CF
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):14848
                                                                                                                                                                                                                      Entropy (8bit):5.262055670423592
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:C/ZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cD66WGcqgFjLg:vI4IHHaQfSVnCZyDImgFjLg
                                                                                                                                                                                                                      MD5:18D2D96980802189B23893820714DA90
                                                                                                                                                                                                                      SHA1:5DEE494D25EB79038CBC2803163E2EF69E68274C
                                                                                                                                                                                                                      SHA-256:C2FD98C677436260ACB9147766258CB99780A007114AED37C87893DF1CF1A717
                                                                                                                                                                                                                      SHA-512:0317B65D8F292332C5457A6B15A77548BE5B2705F34BB8F4415046E3E778580ABD17B233E6CC2755C991247E0E65B27B5634465646715657B246483817CACEB7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):36352
                                                                                                                                                                                                                      Entropy (8bit):5.913843738203007
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:dspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSq:7Y44UagH6cAFCLUSYpMg3YDzPo5kG9G
                                                                                                                                                                                                                      MD5:EF472BA63FD22922CA704B1E7B95A29E
                                                                                                                                                                                                                      SHA1:700B68E7EF95514D5E94D3C6B10884E1E187ACD8
                                                                                                                                                                                                                      SHA-256:66EEF4E6E0CEEEF2C23A758BFBEDAE7C16282FC93D0A56ACAFC40E871AC3F01C
                                                                                                                                                                                                                      SHA-512:DC2060531C4153C43ABF30843BCB5F8FA082345CA1BB57F9AC8695EDDB28FF9FDA8132B6B6C67260F779D95FCADCAE2811091BCA300AB1E041FAE6CC7B50ABD8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):12288
                                                                                                                                                                                                                      Entropy (8bit):4.735350805948923
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:rhsC3eqv6b0q3OQ3rHu5bc64OhD2I/p3cqgONLg:r/Hq3jHuY64OhDJJgONLg
                                                                                                                                                                                                                      MD5:3B1CE70B0193B02C437678F13A335932
                                                                                                                                                                                                                      SHA1:063BFD5A32441ED883409AAD17285CE405977D1F
                                                                                                                                                                                                                      SHA-256:EB2950B6A2185E87C5318B55132DFE5774A5A579259AB50A7935A7FB143EA7B1
                                                                                                                                                                                                                      SHA-512:0E02187F17DFCFD323F2F0E62FBFE35F326DCF9F119FC8B15066AFAEEE4EB7078184BC85D571B555E9E67A2DD909EC12D8A67E3D075E9B1283813EF274E05C0D
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):22528
                                                                                                                                                                                                                      Entropy (8bit):5.705606408072877
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:19BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDEFSegqrA:NcRy38J+9dmvufFtaGDV
                                                                                                                                                                                                                      MD5:FF33C306434DEC51D39C7BF1663E25DA
                                                                                                                                                                                                                      SHA1:665FCF47501F1481534597C1EAC2A52886EF0526
                                                                                                                                                                                                                      SHA-256:D0E3B6A2D0E073B2D9F0FCDB051727007943A17A4CA966D75EBA37BECDBA6152
                                                                                                                                                                                                                      SHA-512:66A909DC9C3B7BD4050AA507CD89B0B3A661C85D33C881522EC9568744953B698722C1CBFF093F9CBCD6119BD527FECAB05A67F2E32EC479BE47AFFA4377362C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):70656
                                                                                                                                                                                                                      Entropy (8bit):6.0189903352673655
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:Jfju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXOa:pXRMgWiEDZiECgd/iwOXUQdbhov0ClbU
                                                                                                                                                                                                                      MD5:F267BF4256F4105DAD0D3E59023011ED
                                                                                                                                                                                                                      SHA1:9BC6CA0F375CE49D5787C909D290C07302F58DA6
                                                                                                                                                                                                                      SHA-256:1DDE8BE64164FF96B2BAB88291042EB39197D118422BEE56EB2846E7A2D2F010
                                                                                                                                                                                                                      SHA-512:A335AF4DBF1658556ED5DC13EE741419446F7DAEC6BD2688B626A803FA5DD76463D6367C224E0B79B17193735E2C74BA417C26822DAEEF05AC3BAB1588E2DE83
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):770560
                                                                                                                                                                                                                      Entropy (8bit):7.613224993327352
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:XtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:XtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                                      MD5:1EFD7F7CB1C277416011DE6F09C355AF
                                                                                                                                                                                                                      SHA1:C0F97652AC2703C325AB9F20826A6F84C63532F2
                                                                                                                                                                                                                      SHA-256:AB45FA80A68DB1635D41DC1A4AAD980E6716DAC8C1778CB5F30CDB013B7DF6E6
                                                                                                                                                                                                                      SHA-512:2EC4B88A1957733043BBD63CEAA6F5643D446DB607B3267FAD1EC611E6B0AF697056598AAC2AE5D44AB2B9396811D183C32BCE5A0FF34E583193A417D1C5226B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):26112
                                                                                                                                                                                                                      Entropy (8bit):5.8551858881598795
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:BczadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2pRQNgQQ77k:2udRf2MuMJ+9dmv8aea34taLDcfQ
                                                                                                                                                                                                                      MD5:C5FB377F736ED731B5578F57BB765F7A
                                                                                                                                                                                                                      SHA1:5BA51E11F4DE1CAEDEBA0F7D4D10EC62EC109E01
                                                                                                                                                                                                                      SHA-256:32073DF3D5C85ABCE7D370D6E341EF163A8350F6A9EDC775C39A23856CCFDD53
                                                                                                                                                                                                                      SHA-512:D361BCDAF2C700D5A4AC956D96E00961432C05A1B692FC870DB53A90F233A6D24AA0C3BE99E40BD8E5B7C6C1B2BCDCDCFC545292EF321486FFC71C5EA7203E6A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):84992
                                                                                                                                                                                                                      Entropy (8bit):6.064677498000638
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:BrYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKW:Br4vxcZeLrIeN1TvHsuP45yAqVDK9ag3
                                                                                                                                                                                                                      MD5:8A0C0AA820E98E83AC9B665A9FD19EAF
                                                                                                                                                                                                                      SHA1:6BF5A14E94D81A55A164339F60927D5BF1BAD5C4
                                                                                                                                                                                                                      SHA-256:4EE3D122DCFFE78E6E7E76EE04C38D3DC6A066E522EE9F7AF34A09649A3628B1
                                                                                                                                                                                                                      SHA-512:52496AE7439458DEDB58A65DF9FFDCC3A7F31FC36FE7202FB43570F9BB03ABC0565F5EF32E5E6C048ED3EBC33018C19712E58FF43806119B2FB5918612299E7E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                      Entropy (8bit):4.675380950473425
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:frQRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDpqf4AZaRcX6gnO:Qddz2KTnThIz0qfteRIDgRWcqgnCWt
                                                                                                                                                                                                                      MD5:44B930B89CE905DB4716A548C3DB8DEE
                                                                                                                                                                                                                      SHA1:948CBFF12A243C8D17A7ACD3C632EE232DF0F0ED
                                                                                                                                                                                                                      SHA-256:921C2D55179C0968535B20E9FD7AF55AD29F4CE4CF87A90FE258C257E2673AA5
                                                                                                                                                                                                                      SHA-512:79DF755BE8B01D576557A4CB3F3200E5EE1EDE21809047ABB9FF8D578C535AC1EA0277EDA97109839A7607AF043019F2C297E767441C7E11F81FDC87FD1B6EFC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):10240
                                                                                                                                                                                                                      Entropy (8bit):4.625428549874022
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:flipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDVZqYNIfcX6gHCWx:Cddz2KTnThIz0qfteR5DVwYkcqgHCWt
                                                                                                                                                                                                                      MD5:F24F9356A6BDD29B9EF67509A8BC3A96
                                                                                                                                                                                                                      SHA1:A26946E938304B4E993872C6721EB8CC1DCBE43B
                                                                                                                                                                                                                      SHA-256:034BB8EFE3068763D32C404C178BD88099192C707A36F5351F7FDB63249C7F81
                                                                                                                                                                                                                      SHA-512:C4D3F92D7558BE1A714388C72F5992165DD7A9E1B4FA83B882536030542D93FDAD9148C981F76FFF7868192B301AC9256EDB8C3D5CE5A1A2ACAC183F96C1028B
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):120400
                                                                                                                                                                                                                      Entropy (8bit):6.6017475353076716
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:N9TXF5LLXQLlNycKW+D4SdqJk6aN1ACuyxLiyazYaCVoecbdhgOwAd+zfZ1zu:N9jelDoD9uyxLizzFzecbdPwA87S
                                                                                                                                                                                                                      MD5:862F820C3251E4CA6FC0AC00E4092239
                                                                                                                                                                                                                      SHA1:EF96D84B253041B090C243594F90938E9A487A9A
                                                                                                                                                                                                                      SHA-256:36585912E5EAF83BA9FEA0631534F690CCDC2D7BA91537166FE53E56C221E153
                                                                                                                                                                                                                      SHA-512:2F8A0F11BCCC3A8CB99637DEEDA0158240DF0885A230F38BB7F21257C659F05646C6B61E993F87E0877F6BA06B347DDD1FC45D5C44BC4E309EF75ED882B82E4E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):49744
                                                                                                                                                                                                                      Entropy (8bit):6.701724666218339
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:ApzzO6ujT3MbR3v0Cz6SR8q83yaFdWr9zRcmgEl6U9zSC:9q/oGw3fFdwzRcmZFzSC
                                                                                                                                                                                                                      MD5:68156F41AE9A04D89BB6625A5CD222D4
                                                                                                                                                                                                                      SHA1:3BE29D5C53808186EBA3A024BE377EE6F267C983
                                                                                                                                                                                                                      SHA-256:82A2F9AE1E6146AE3CB0F4BC5A62B7227E0384209D9B1AEF86BBCC105912F7CD
                                                                                                                                                                                                                      SHA-512:F7BF8AD7CD8B450050310952C56F6A20B378A972C822CCC253EF3D7381B56FFB3CA6CE3323BEA9872674ED1C02017F78AB31E9EB9927FC6B3CBA957C247E5D57
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):70928
                                                                                                                                                                                                                      Entropy (8bit):6.242470629630265
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:FCIB0WWuqkJS86D6rznO6uqM+lY5ZkesIcydIJvn/5YiSyvT2ETh:FCY0WStDwnOLYY5ZkeddIJvnx7Sy75h
                                                                                                                                                                                                                      MD5:80083B99812171FEA682B1CF38026816
                                                                                                                                                                                                                      SHA1:365FB5B0C652923875E1C7720F0D76A495B0E221
                                                                                                                                                                                                                      SHA-256:DBEAE7CB6F256998F9D8DE79D08C74D716D819EB4473B2725DBE2D53BA88000A
                                                                                                                                                                                                                      SHA-512:33419B9E18E0099DF37D22E33DEBF15D57F4248346B17423F2B55C8DA7CBE62C19AA0BB5740CFAAC9BC6625B81C54367C0C476EAECE71727439686567F0B1234
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):84240
                                                                                                                                                                                                                      Entropy (8bit):6.607563436050078
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:Kdrz7l1EVLsSuvX3dUK4MLgqK7YEog8y5sV8lIJLVy7SyFB:urzcuvXvrEo7y6V8lIJLVyB
                                                                                                                                                                                                                      MD5:CB8C06C8FA9E61E4AC5F22EEBF7F1D00
                                                                                                                                                                                                                      SHA1:D8E0DFC8127749947B09F17C8848166BAC659F0D
                                                                                                                                                                                                                      SHA-256:FC3B481684B926350057E263622A2A5335B149A0498A8D65C4F37E39DD90B640
                                                                                                                                                                                                                      SHA-512:E6DA642B7200BFB78F939F7D8148581259BAA9A5EDDA282C621D14BA88083A9B9BD3D17B701E9CDE77AD1133C39BD93FC9D955BB620546BB4FCF45C68F1EC7D6
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):179200
                                                                                                                                                                                                                      Entropy (8bit):6.189919896183334
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:X3LjFuaTzDGA3GrJwUdoSPhpRv9JUizQWS7LkSTLkKWgFIPXD0:X3QaT3GA3NSPhDsizTikSTLLWgF0z0
                                                                                                                                                                                                                      MD5:5CBA92E7C00D09A55F5CBADC8D16CD26
                                                                                                                                                                                                                      SHA1:0300C6B62CD9DB98562FDD3DE32096AB194DA4C8
                                                                                                                                                                                                                      SHA-256:0E3D149B91FC7DC3367AB94620A5E13AF6E419F423B31D4800C381468CB8AD85
                                                                                                                                                                                                                      SHA-512:7AB432C8774A10F04DDD061B57D07EBA96481B5BB8C663C6ADE500D224C6061BC15D17C74DA20A7C3CEC8BBF6453404D553EBAB22D37D67F9B163D7A15CF1DED
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):131344
                                                                                                                                                                                                                      Entropy (8bit):6.311142284249784
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:3RF024DWkT/DKGkXY402iXnVJf/FO50XnekZ39gPhvEQZIJyPArm:j0nHT/DKFXZorf/FO50uW3SEQt
                                                                                                                                                                                                                      MD5:A55E57D7594303C89B5F7A1D1D6F2B67
                                                                                                                                                                                                                      SHA1:904A9304A07716497CF3E4EAAFD82715874C94F1
                                                                                                                                                                                                                      SHA-256:F63C6C7E71C342084D8F1A108786CA6975A52CEFEF8BE32CC2589E6E2FE060C8
                                                                                                                                                                                                                      SHA-512:FFA61AD2A408A831B5D86B201814256C172E764C9C1DBE0BD81A2E204E9E8117C66F5DFA56BB7D74275D23154C0ED8E10D4AE8A0D0564434E9761D754F1997FC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):277776
                                                                                                                                                                                                                      Entropy (8bit):6.5855511991551
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:x9iD78EIq4x4OA5bZZ0KDgQcI79qWM53pLW1AFR8E4wXw76TPlpV77777VMvyk:xwDGqr5b8EgQ5+w6k
                                                                                                                                                                                                                      MD5:F3377F3DE29579140E2BBAEEFD334D4F
                                                                                                                                                                                                                      SHA1:B3076C564DBDFD4CA1B7CC76F36448B0088E2341
                                                                                                                                                                                                                      SHA-256:B715D1C18E9A9C1531F21C02003B4C6726742D1A2441A1893BC3D79D7BB50E91
                                                                                                                                                                                                                      SHA-512:34D9591590BBA20613691A5287EF329E5927A58127CE399088B4D68A178E3AF67159A8FC55B4FCDCB08AE094753B20DEC2AC3F0B3011481E4ED6F37445CECDD5
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):64272
                                                                                                                                                                                                                      Entropy (8bit):6.220967684620152
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:eNJI0DWiflFwY9X3Th1JnptE462TxNvdbj4dIJvI75YiSyvE62Em:2LDxflFwY9XDhPfVNv+dIJvIF7Syc6c
                                                                                                                                                                                                                      MD5:32D76C9ABD65A5D2671AEEDE189BC290
                                                                                                                                                                                                                      SHA1:0D4440C9652B92B40BB92C20F3474F14E34F8D62
                                                                                                                                                                                                                      SHA-256:838D5C8B7C3212C8429BAF612623ABBBC20A9023EEC41E34E5461B76A285B86C
                                                                                                                                                                                                                      SHA-512:49DC391F4E63F4FF7D65D6FD837332745CC114A334FD61A7B6AA6F710B235339964B855422233FAC4510CCB9A6959896EFE880AB24A56261F78B2A0FD5860CD9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):157968
                                                                                                                                                                                                                      Entropy (8bit):6.854644275249963
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:KbbS4R/G4Z8r7NjwJTSUqCRY4By7znfB9mNowgn0lCelIJ012+j:KbR/8oWeBi5YOwflCe8o
                                                                                                                                                                                                                      MD5:1BA022D42024A655CF289544AE461FB8
                                                                                                                                                                                                                      SHA1:9772A31083223ECF66751FF3851D2E3303A0764C
                                                                                                                                                                                                                      SHA-256:D080EABD015A3569813A220FD4EA74DFF34ED2A8519A10473EB37E22B1118A06
                                                                                                                                                                                                                      SHA-512:2B888A2D7467E29968C6BB65AF40D4B5E80722FFDDA760AD74C912F3A2F315D402F3C099FDE82F00F41DE6C9FAAEDB23A643337EB8821E594C567506E3464C62
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):35600
                                                                                                                                                                                                                      Entropy (8bit):6.416657776501014
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:6wehui7ZmQW/3OUDxEiNIJntJ5YiSyvSJz2Ec:whuilG+UDxEiNIJntX7Sy+zO
                                                                                                                                                                                                                      MD5:705AC24F30DC9487DC709307D15108ED
                                                                                                                                                                                                                      SHA1:E9E6BA24AF9947D8995392145ADF62CAC86BA5D8
                                                                                                                                                                                                                      SHA-256:59134B754C6ACA9449E2801E9E7ED55279C4F1ED58FE7A7A9F971C84E8A32A6C
                                                                                                                                                                                                                      SHA-512:F5318EBB91F059F0721D75D576B39C7033D566E39513BAD8E7E42CCC922124A5205010415001EE386495F645238E2FF981A8B859F0890DC3DA4363EB978FDBA7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):55568
                                                                                                                                                                                                                      Entropy (8bit):6.3313243577146485
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:+kMm7HdG/l5fW3UguCE+eRIJWtd7SyJds:+wIQUFCEbRIJWtd6
                                                                                                                                                                                                                      MD5:A72527454DD6DA346DDB221FC729E3D4
                                                                                                                                                                                                                      SHA1:0276387E3E0492A0822DB4EABE23DB8C25EF6E6F
                                                                                                                                                                                                                      SHA-256:404353D7B867749FA2893033BD1EBF2E3F75322D4015725D697CFA5E80EC9D0F
                                                                                                                                                                                                                      SHA-512:FEFB543D20520F86B63E599A56E2166599DFA117EDB2BEB5E73FC8B43790543702C280A05CCFD9597C0B483F637038283DD48EF8C88B4EA6BAC411EC0043B10A
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):33552
                                                                                                                                                                                                                      Entropy (8bit):6.446391764486538
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:7GpPCRjqMu/AoS6rf7sif0NHQibZIJ9UoOHQIYiSy1pCQ5xX1rSJIVE8E9VF0Nyf:fkTM6rg9aeZIJ9Uok5YiSyvTo2Et
                                                                                                                                                                                                                      MD5:1C03CAA59B5E4A7FB9B998D8C1DA165A
                                                                                                                                                                                                                      SHA1:8A318F80A705C64076E22913C2206D9247D30CD7
                                                                                                                                                                                                                      SHA-256:B9CF502DADCB124F693BF69ECD7077971E37174104DBDA563022D74961A67E1E
                                                                                                                                                                                                                      SHA-512:783ECDA7A155DFC96A718D5A130FB901BBECBED05537434E779135CBA88233DD990D86ECA2F55A852C9BFB975074F7C44D8A3E4558D7C2060F411CE30B6A915F
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):83728
                                                                                                                                                                                                                      Entropy (8bit):6.331814573029388
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:1536:XuV3gvWHQdMq3ORC/OypTXQlyJ+9+nzEYwsBI6tzOKuZIJywJ7Sy21:XuVQvcQTSypTXQlyJs+nzEYJI6QlZIJY
                                                                                                                                                                                                                      MD5:FE896371430BD9551717EF12A3E7E818
                                                                                                                                                                                                                      SHA1:E2A7716E9CE840E53E8FC79D50A77F40B353C954
                                                                                                                                                                                                                      SHA-256:35246B04C6C7001CA448554246445A845CE116814A29B18B617EA38752E4659B
                                                                                                                                                                                                                      SHA-512:67ECD9A07DF0A07EDD010F7E3732F3D829F482D67869D6BCE0C9A61C24C0FDC5FF4F4E4780B9211062A6371945121D8883BA2E9E2CF8EB07B628547312DFE4C9
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):128272
                                                                                                                                                                                                                      Entropy (8bit):6.294497957566744
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:N+tZdKmXhyn/qO6ItCpz6j5yQyshiKftdIJvQJL:NGZVwnxHssj5lhiYR
                                                                                                                                                                                                                      MD5:D4E5BE27410897AC5771966E33B418C7
                                                                                                                                                                                                                      SHA1:5D18FF3CC196557ED40F2F46540B2BFE02901D98
                                                                                                                                                                                                                      SHA-256:3E625978D7C55F4B609086A872177C4207FB483C7715E2204937299531394F4C
                                                                                                                                                                                                                      SHA-512:4D40B4C6684D3549C35ED96BEDD6707CE32DFAA8071AEADFBC682CF4B7520CFF08472F441C50E0D391A196510F8F073F26AE8B2D1E9B1AF5CF487259CC6CCC09
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):181520
                                                                                                                                                                                                                      Entropy (8bit):5.972827303352998
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:kO+IWyXHllRhN1qhep7fM6CpqjZI8u7pUULbaLZErWreVEzvT3iFCNc6tYwJc1OW:kpSrhN1E2M6CpUuwg5dEW7
                                                                                                                                                                                                                      MD5:1C0E3E447F719FBE2601D0683EA566FC
                                                                                                                                                                                                                      SHA1:5321AB73B36675B238AB3F798C278195223CD7B1
                                                                                                                                                                                                                      SHA-256:63AE2FEFBFBBBC6EA39CDE0A622579D46FF55134BC8C1380289A2976B61F603E
                                                                                                                                                                                                                      SHA-512:E1A430DA2A2F6E0A1AED7A76CC4CD2760B3164ABC20BE304C1DB3541119942508E53EA3023A52B8BADA17A6052A7A51A4453EFAD1A888ACB3B196881226C2E5C
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):25872
                                                                                                                                                                                                                      Entropy (8bit):6.591600232213824
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:bROw4TUyiIWlIJ0wsaHQIYiSy1pCQxHoQSJIVE8E9VF0NyEIkz:4w4TUyfWlIJ0wT5YiSyvBk2E3kz
                                                                                                                                                                                                                      MD5:3ACF3138D5550CA6DE7E2580E076E0F7
                                                                                                                                                                                                                      SHA1:3E878A18DF2362AA6F0BDBFA058DCA115E70D0B8
                                                                                                                                                                                                                      SHA-256:F9D5008F0772AA0720BC056A6ECD5A2A3F24965E4B470B022D88627A436C1FFE
                                                                                                                                                                                                                      SHA-512:F05E90A0FEAA2994B425884AF32149FBBE2E11CB7499FC88CA92D8A74410EDCD62B2B2C0F1ECD1A46985133F7E89575F2C114BD01F619C22CE52F3CF2A7E37C4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):38160
                                                                                                                                                                                                                      Entropy (8bit):6.338856805460127
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:fEkK9VgWOZbs3550QcJpPllIJLiX5YiSyvQ602Euf0:fE93jkbQcJvlIJLiJ7Syq00
                                                                                                                                                                                                                      MD5:1C30CC7DF3BD168D883E93C593890B43
                                                                                                                                                                                                                      SHA1:31465425F349DAE4EDAC9D0FEABC23CE83400807
                                                                                                                                                                                                                      SHA-256:6435C679A3A3FF4F16708EBC43F7CA62456C110AC1EA94F617D8052C90C143C7
                                                                                                                                                                                                                      SHA-512:267A1807298797B190888F769D998357B183526DFCB25A6F1413E64C5DCCF87F51424B7E5D6F2349D7A19381909AB23B138748D8D9F5858F7DC0552F5C5846AC
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1394456
                                                                                                                                                                                                                      Entropy (8bit):5.531698507573688
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:IW7WpLV6yNLeGQbVz3YQfiBgDPtLwjFx278e6ZQnHS91lqyL+DXUgnxOr+dx5/GO:B7WpLtHa9BHSHAW+dx5/GP05vddD
                                                                                                                                                                                                                      MD5:A9CBD0455B46C7D14194D1F18CA8719E
                                                                                                                                                                                                                      SHA1:E1B0C30BCCD9583949C247854F617AC8A14CBAC7
                                                                                                                                                                                                                      SHA-256:DF6C19637D239BFEDC8CD13D20E0938C65E8FDF340622FF334DB533F2D30FA19
                                                                                                                                                                                                                      SHA-512:B92468E71490A8800E51410DF7068DD8099E78C79A95666ECF274A9E9206359F049490B8F60B96081FAFD872EC717E67020364BCFA972F26F0D77A959637E528
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):299427
                                                                                                                                                                                                                      Entropy (8bit):6.047872935262006
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                                                      MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                                                      SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                                                      SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                                                      SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):10752
                                                                                                                                                                                                                      Entropy (8bit):4.818583535960129
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:Mvs10hZd9D74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFCCQAADo+cX6m:MXv9XFCk2z1/t12iwU5usJFuCyPcqgE
                                                                                                                                                                                                                      MD5:56FE4F6C7E88212161F49E823CCC989A
                                                                                                                                                                                                                      SHA1:16D5CBC5F289AD90AEAA4FF7CB828627AC6D4ACF
                                                                                                                                                                                                                      SHA-256:002697227449B6D69026D149CFB220AC85D83B13056C8AA6B9DAC3FD3B76CAA4
                                                                                                                                                                                                                      SHA-512:7C9D09CF9503F73E6F03D30E54DBB50606A86D09B37302DD72238880C000AE2B64C99027106BA340753691D67EC77B3C6E5004504269508F566BDB5E13615F1E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):124928
                                                                                                                                                                                                                      Entropy (8bit):5.953784637413928
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3072:JDE+0ov6ojgN3qN8h51Zlh+YW5E38vCsmLS:JdefPZE2ICDLS
                                                                                                                                                                                                                      MD5:10116447F9276F10664BA85A5614BA3A
                                                                                                                                                                                                                      SHA1:EFD761A3E6D14E897D37AFB0C7317C797F7AE1D6
                                                                                                                                                                                                                      SHA-256:C393098E7803ABF08EE8F7381AD7B0F8FAFFBF66319C05D72823308E898F8CFC
                                                                                                                                                                                                                      SHA-512:C04461E52B7FE92D108CBDEB879B7A8553DD552D79C88DFA3F5D0036EED8D4B8C839C0BF2563BC0C796F8280ED2828CA84747CB781D2F26B44214FCA2091EAE4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5724
                                                                                                                                                                                                                      Entropy (8bit):5.120429897887076
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):16286
                                                                                                                                                                                                                      Entropy (8bit):5.5843411690874865
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-313.pyc,,..cryptography/__pycache__/__init__.cpython-313.pyc,,..cryptography/__pycache__/exceptions.cpython-313.pyc,,..cryptography/__pycache__/fernet
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):94
                                                                                                                                                                                                                      Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):197
                                                                                                                                                                                                                      Entropy (8bit):4.61968998873571
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):11360
                                                                                                                                                                                                                      Entropy (8bit):4.426756947907149
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1532
                                                                                                                                                                                                                      Entropy (8bit):5.058591167088024
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):8292864
                                                                                                                                                                                                                      Entropy (8bit):6.493076254122072
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):5232408
                                                                                                                                                                                                                      Entropy (8bit):5.940072183736028
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):39696
                                                                                                                                                                                                                      Entropy (8bit):6.641880464695502
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                                      MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                                      SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                                      SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                                      SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):792856
                                                                                                                                                                                                                      Entropy (8bit):5.57949182561317
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:7LN1sdyIzHHZp5c3nlUa6lxzAG11rbmFe9Xbv:7LgfzH5I3nlUa2AU2Fe9Xbv
                                                                                                                                                                                                                      MD5:4FF168AAA6A1D68E7957175C8513F3A2
                                                                                                                                                                                                                      SHA1:782F886709FEBC8C7CEBCEC4D92C66C4D5DBCF57
                                                                                                                                                                                                                      SHA-256:2E4D35B681A172D3298CAF7DC670451BE7A8BA27C26446EFC67470742497A950
                                                                                                                                                                                                                      SHA-512:C372B759B8C7817F2CBB78ECCC5A42FA80BDD8D549965BD925A97C3EEBDCE0335FBFEC3995430064DEAD0F4DB68EBB0134EB686A0BE195630C49F84B468113E3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):201488
                                                                                                                                                                                                                      Entropy (8bit):6.375994899027017
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:6144:cAPHiRwroqoLHMpCSNVysh9CV2i6P/1vTg:6wrExSU6PdvTg
                                                                                                                                                                                                                      MD5:CF2C3D127F11CB2C026E151956745564
                                                                                                                                                                                                                      SHA1:B1C8C432FC737D6F455D8F642A4F79AD95A97BD3
                                                                                                                                                                                                                      SHA-256:D3E81017B4A82AE1B85E8CD6B9B7EB04D8817E29E5BC9ECE549AC24C8BB2FF23
                                                                                                                                                                                                                      SHA-512:FE3A9C8122FFFF4AF7A51DF39D40DF18E9DB3BC4AED6B161A4BE40A586AC93C1901ACDF64CC5BFFF6975D22073558FC7A37399D016296432057B8150848F636E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):70416
                                                                                                                                                                                                                      Entropy (8bit):6.1258200129869405
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:768:pQEotsskOv6pWVCB4p/uKlZPRQcFIc9qunV0Jku/YFI1Hu1wEBbCpVNyD6VdPxiD:/otssyKcunV8PjZIJy0i7SyWH1
                                                                                                                                                                                                                      MD5:16855EBEF31C5B1EBE767F1C617645B3
                                                                                                                                                                                                                      SHA1:315521F3A748ABFA35CD4D48E8DD09D0556D989B
                                                                                                                                                                                                                      SHA-256:A5C6A329698490A035133433928D04368CE6285BB91A9D074FC285DE4C9A32A4
                                                                                                                                                                                                                      SHA-512:C3957B3BD36B10C7AD6EA1FF3BC7BD65CDCEB3E6B4195A25D0649AA0DA179276CE170DA903D77B50A38FC3D5147A45BE32DBCFDBFBF76CC46301199C529ADEA4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):6083856
                                                                                                                                                                                                                      Entropy (8bit):6.126922729922386
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:49152:fXGc3O7T4DKX+vLFMmKYxiAYNBD987KdJlI9HbeX2jrgQcw6Zc4h67mM+XDQ3bLi:Of42zJiwJl/YF7v3vaHDMiEN3Kr
                                                                                                                                                                                                                      MD5:B9DE917B925DD246B709BB4233777EFD
                                                                                                                                                                                                                      SHA1:775F258D8B530C6EA9F0DD3D1D0B61C1948C25D2
                                                                                                                                                                                                                      SHA-256:0C0A66505093B6A4BB3475F716BD3D9552095776F6A124709C13B3F9552C7D99
                                                                                                                                                                                                                      SHA-512:F4BF3398F50FDD3AB7E3F02C1F940B4C8B5650ED7AF16C626CCD1B934053BA73A35F96DA03B349C1EB614BB23E0BC6B5CC58B07B7553A5C93C6D23124F324A33
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):30992
                                                                                                                                                                                                                      Entropy (8bit):6.554484610649281
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:384:7hhxm9tKLhuoNHfzzlvFy0ZZIJ9GckHQIYiSy1pCQ4HWSJIVE8E9VF0Ny6sC:tCytHf98uZIJ9Gx5YiSyvy2ES
                                                                                                                                                                                                                      MD5:20831703486869B470006941B4D996F2
                                                                                                                                                                                                                      SHA1:28851DFD43706542CD3EF1B88B5E2749562DFEE0
                                                                                                                                                                                                                      SHA-256:78E5994C29D8851F28B5B12D59D742D876683AEA58ECEEA1FB895B2036CDCDEB
                                                                                                                                                                                                                      SHA-512:4AAF5D66D2B73F939B9A91E7EDDFEB2CE2476C625586EF227B312230414C064AA850B02A4028363AA4664408C9510594754530A6D026A0A84BE0168D677C1BC4
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):11358
                                                                                                                                                                                                                      Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                                      MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                                      SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                                      SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                                      SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4648
                                                                                                                                                                                                                      Entropy (8bit):5.006900644756252
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                                      MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                                      SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                                      SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                                      SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2518
                                                                                                                                                                                                                      Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                                      MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                                      SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                                      SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                                      SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):91
                                                                                                                                                                                                                      Entropy (8bit):4.687870576189661
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                                      MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                                      SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                                      SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                                      SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):19
                                                                                                                                                                                                                      Entropy (8bit):3.536886723742169
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                                      MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                                      SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                                      SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                                      SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:importlib_metadata.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1335
                                                                                                                                                                                                                      Entropy (8bit):4.226823573023539
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                                      MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                                      SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                                      SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                                      SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4
                                                                                                                                                                                                                      Entropy (8bit):1.5
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:Mn:M
                                                                                                                                                                                                                      MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                                      SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                                      SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                                      SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:pip.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1107
                                                                                                                                                                                                                      Entropy (8bit):5.115074330424529
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                                      MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                                      SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                                      SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                                      SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):2153
                                                                                                                                                                                                                      Entropy (8bit):5.088249746074878
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                                      MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                                      SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                                      SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                                      SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:CSV text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):4557
                                                                                                                                                                                                                      Entropy (8bit):5.714200636114494
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                                      MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                                      SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                                      SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                                      SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):81
                                                                                                                                                                                                                      Entropy (8bit):4.672346887071811
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                                      MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                                      SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                                      SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                                      SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):104
                                                                                                                                                                                                                      Entropy (8bit):4.271713330022269
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                                      MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                                      SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                                      SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                                      SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):1540368
                                                                                                                                                                                                                      Entropy (8bit):6.577233901213655
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:24576:cmKZpHTv4iPI9FDgJNRs++l8GwLXSz4ih5Z5jWbsxuIl40OwumzuLxIhiE:0rJoDgJNRs+U8GwLXSMIZ5jWb0uIl48R
                                                                                                                                                                                                                      MD5:7E632F3263D5049B14F5EDC9E7B8D356
                                                                                                                                                                                                                      SHA1:92C5B5F96F1CBA82D73A8F013CBAF125CD0898B8
                                                                                                                                                                                                                      SHA-256:66771FBD64E2D3B8514DD0CD319A04CA86CE2926A70F7482DDEC64049E21BE38
                                                                                                                                                                                                                      SHA-512:CA1CC67D3EB63BCA3CE59EF34BECCE48042D7F93B807FFCD4155E4C4997DC8B39919AE52AB4E5897AE4DBCB47592C4086FAC690092CAA7AA8D3061FBA7FE04A2
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      Process:C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                      Size (bytes):709904
                                                                                                                                                                                                                      Entropy (8bit):5.861739047785334
                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                      SSDEEP:12288:FYGdLI/X77mvfldCKGihH32W3cnPSqrUgLIe:FYGW7qNxr3cnPXLIe
                                                                                                                                                                                                                      MD5:0902D299A2A487A7B0C2D75862B13640
                                                                                                                                                                                                                      SHA1:04BCBD5A11861A03A0D323A8050A677C3A88BE13
                                                                                                                                                                                                                      SHA-256:2693C7EE4FBA55DC548F641C0CB94485D0E18596FFEF16541BD43A5104C28B20
                                                                                                                                                                                                                      SHA-512:8CBEF5A9F2D24DA1014F8F1CCBDDD997A084A0B04DD56BCB6AC38DDB636D05EF7E4EA7F67A085363AAD3F43D45413914E55BDEF14A662E80BE955E6DFC2FECA3
                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                      File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                      Entropy (8bit):7.9938679781323465
                                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                                      • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                                      • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                                      File name:ihost.exe
                                                                                                                                                                                                                      File size:17'124'652 bytes
                                                                                                                                                                                                                      MD5:13668221cfd8f509eb078b7105c6fda8
                                                                                                                                                                                                                      SHA1:bac34153380deb0edc8be94748cca4d33403d1c9
                                                                                                                                                                                                                      SHA256:629685e2ed92a4edb187851977c066471a418d7917590360e48128e5cc3f1988
                                                                                                                                                                                                                      SHA512:d2c0cf24666d2a83892f298e986200b6bc205d62bc8340c7e8a718b0ce0aa4c6ec0b04e7445917e49474323ce8d5eb64420de4d7a720d5818029470b1eb5857d
                                                                                                                                                                                                                      SSDEEP:393216:C9YiZAwq3Obs2CltXMCHWUj/cuIbvR/PqK1yXms56YjZCro:C9YiZAwq3ObRqtXMb8Ut/iKb4Cro
                                                                                                                                                                                                                      TLSH:0A073305E2E06CDBDBB25578FE75E2D4A48A7F660B7CC61B527072060AB30C1587AF1B
                                                                                                                                                                                                                      Icon Hash:1262a1a0aa92aa8a
                                                                                                                                                                                                                      Entrypoint:0x14000ce20
                                                                                                                                                                                                                      Entrypoint Section:.text
                                                                                                                                                                                                                      Digitally signed:false
                                                                                                                                                                                                                      Imagebase:0x140000000
                                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                      DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                      Time Stamp:0x67537407 [Fri Dec 6 22:00:39 2024 UTC]
                                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                                      Import Hash:72c4e339b7af8ab1ed2eb3821c98713a

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0x19a1c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x61000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | 30dbb413cd2b7918de74177c55ff76f9 | False | 0.5242838541666667 | data | 5.750707217771698 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0x19a1c | 0x19c00 | 35db13bd970349e79d066a52e38a415a | False | 0.07967991504854369 | data | 3.7032712285528175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x61000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x471d8 | 0xdcf | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.925035360678925
RT_ICON | 0x47fa8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.02200402224062463
RT_ICON | 0x587d0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | | | 0.05402692489371753
RT_ICON | 0x5c9f8 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | | | 0.0766597510373444
RT_ICON | 0x5efa0 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.12781425891181988
RT_ICON | 0x60048 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.28102836879432624
RT_GROUP_ICON | 0x604b0 | 0x5a | data | | | 0.7666666666666667
RT_MANIFEST | 0x6050c | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857

DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 13, 2024 08:45:33.675436974 CET | 49731 | 443 | 192.168.2.4 | 162.159.136.232 |
| Dec 13, 2024 08:45:33.675492048 CET | 443 | 49731 | 162.159.136.232 | 192.168.2.4 |
| Dec 13, 2024 08:45:33.675553083 CET | 49731 | 443 | 192.168.2.4 | 162.159.136.232 |
| Dec 13, 2024 08:45:33.676632881 CET | 49731 | 443 | 192.168.2.4 | 162.159.136.232 |
| Dec 13, 2024 08:45:33.676651955 CET | 443 | 49731 | 162.159.136.232 | 192.168.2.4 |
| Dec 13, 2024 08:45:34.893897057 CET | 443 | 49731 | 162.159.136.232 | 192.168.2.4 |
| Dec 13, 2024 08:45:34.894746065 CET | 49731 | 443 | 192.168.2.4 | 162.159.136.232 |
| Dec 13, 2024 08:45:34.894778013 CET | 443 | 49731 | 162.159.136.232 | 192.168.2.4 |
| Dec 13, 2024 08:45:34.896421909 CET | 443 | 49731 | 162.159.136.232 | 192.168.2.4 |
| Dec 13, 2024 08:45:34.896497965 CET | 49731 | 443 | 192.168.2.4 | 162.159.136.232 |
| Dec 13, 2024 08:45:34.897706985 CET | 49731 | 443 | 192.168.2.4 | 162.159.136.232 |
| Dec 13, 2024 08:45:34.897840977 CET | 49731 | 443 | 192.168.2.4 | 162.159.136.232 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 13, 2024 08:45:33.531249046 CET | 62560 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 13, 2024 08:45:33.669756889 CET | 53 | 62560 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 13, 2024 08:45:33.531249046 CET | 192.168.2.4 | 1.1.1.1 | 0xc631 | Standard query (0) | discord.com | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 13, 2024 08:45:33.669756889 CET | 1.1.1.1 | 192.168.2.4 | 0xc631 | No error (0) | discord.com | | 162.159.136.232 | A (IP address) | IN (0x0001) | false |
| Dec 13, 2024 08:45:33.669756889 CET | 1.1.1.1 | 192.168.2.4 | 0xc631 | No error (0) | discord.com | | 162.159.128.233 | A (IP address) | IN (0x0001) | false |
| Dec 13, 2024 08:45:33.669756889 CET | 1.1.1.1 | 192.168.2.4 | 0xc631 | No error (0) | discord.com | | 162.159.137.232 | A (IP address) | IN (0x0001) | false |
| Dec 13, 2024 08:45:33.669756889 CET | 1.1.1.1 | 192.168.2.4 | 0xc631 | No error (0) | discord.com | | 162.159.138.232 | A (IP address) | IN (0x0001) | false |
| Dec 13, 2024 08:45:33.669756889 CET | 1.1.1.1 | 192.168.2.4 | 0xc631 | No error (0) | discord.com | | 162.159.135.232 | A (IP address) | IN (0x0001) | false |


Target ID:0
Start time:02:45:23
Start date:13/12/2024
Path:C:\Users\user\Desktop\ihost.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\ihost.exe"
Imagebase:0x7ff62aa00000
File size:17'124'652 bytes
MD5 hash:13668221CFD8F509EB078B7105C6FDA8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:false

Target ID:1
Start time:02:45:26
Start date:13/12/2024
Path:C:\Users\user\Desktop\ihost.exe
Wow64 process (32bit):false
Commandline:"C:\Users\user\Desktop\ihost.exe"
Imagebase:0x7ff62aa00000
File size:17'124'652 bytes
MD5 hash:13668221CFD8F509EB078B7105C6FDA8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_MuckStealer, Description: Yara detected Muck Stealer, Source: 00000001.00000002.2962425438.000002664A410000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:low
Has exited:false


Execution Graph

Execution Coverage:9.5%
Dynamic/Decrypted Code Coverage:0%
Signature Coverage:20%
Total number of Nodes:2000
Total number of Limit Nodes:36
_fread_nolock 12 API calls 16922->16923 16924 7ff62aa28ddc 16922->16924 16923->16924 16924->16921 16925 7ff62aa1f910 _fread_nolock MultiByteToWideChar 16924->16925 16926 7ff62aa28e4a 16925->16926 16927 7ff62aa28f2c 16926->16927 16928 7ff62aa1f910 _fread_nolock MultiByteToWideChar 16926->16928 16927->16921 16929 7ff62aa1a9b8 __free_lconv_num 11 API calls 16927->16929 16930 7ff62aa28e70 16928->16930 16929->16921 16930->16927 16931 7ff62aa1d66c _fread_nolock 12 API calls 16930->16931 16932 7ff62aa28e9d 16930->16932 16931->16932 16932->16927 16933 7ff62aa1f910 _fread_nolock MultiByteToWideChar 16932->16933 16934 7ff62aa28f14 16933->16934 16935 7ff62aa28f1a 16934->16935 16936 7ff62aa28f34 16934->16936 16935->16927 16938 7ff62aa1a9b8 __free_lconv_num 11 API calls 16935->16938 16943 7ff62aa1efd8 16936->16943 16938->16927 16940 7ff62aa28f73 16940->16921 16942 7ff62aa1a9b8 __free_lconv_num 11 API calls 16940->16942 16941 7ff62aa1a9b8 __free_lconv_num 11 API calls 16941->16940 16942->16921 16944 7ff62aa1ed80 __crtLCMapStringW 5 API calls 16943->16944 16945 7ff62aa1f016 16944->16945 16946 7ff62aa1f01e 16945->16946 16947 7ff62aa1f240 __crtLCMapStringW 5 API calls 16945->16947 16946->16940 16946->16941 16948 7ff62aa1f087 CompareStringW 16947->16948 16948->16946 16950 7ff62aa27cca HeapSize 16949->16950 16951 7ff62aa27cb1 16949->16951 16952 7ff62aa14f78 _get_daylight 11 API calls 16951->16952 16953 7ff62aa27cb6 16952->16953 16954 7ff62aa1a950 _invalid_parameter_noinfo 37 API calls 16953->16954 16955 7ff62aa27cc1 16954->16955 16955->16570 16957 7ff62aa27cf9 16956->16957 16958 7ff62aa27d03 16956->16958 16959 7ff62aa1d66c _fread_nolock 12 API calls 16957->16959 16960 7ff62aa27d08 16958->16960 16966 7ff62aa27d0f _get_daylight 16958->16966 16964 7ff62aa27d01 16959->16964 16961 7ff62aa1a9b8 __free_lconv_num 11 API calls 16960->16961 16961->16964 16962 7ff62aa27d42 HeapReAlloc 16962->16964 16962->16966 16963 7ff62aa27d15 16965 7ff62aa14f78 _get_daylight 11 API calls 16963->16965 
16964->16574 16965->16964 16966->16962 16966->16963 16967 7ff62aa23600 _get_daylight 2 API calls 16966->16967 16967->16966 16969 7ff62aa1ed80 __crtLCMapStringW 5 API calls 16968->16969 16970 7ff62aa1efb4 16969->16970 16970->16580 16972 7ff62aa15546 16971->16972 16973 7ff62aa1556a 16971->16973 16977 7ff62aa1a9b8 __free_lconv_num 11 API calls 16972->16977 16978 7ff62aa15555 16972->16978 16974 7ff62aa1556f 16973->16974 16975 7ff62aa155c4 16973->16975 16974->16978 16981 7ff62aa1a9b8 __free_lconv_num 11 API calls 16974->16981 16985 7ff62aa15584 16974->16985 16976 7ff62aa1f910 _fread_nolock MultiByteToWideChar 16975->16976 16983 7ff62aa155e0 16976->16983 16977->16978 16978->16583 16978->16584 16979 7ff62aa1d66c _fread_nolock 12 API calls 16979->16978 16980 7ff62aa155e7 GetLastError 16982 7ff62aa14eec _fread_nolock 11 API calls 16980->16982 16981->16985 16987 7ff62aa155f4 16982->16987 16983->16980 16984 7ff62aa15622 16983->16984 16988 7ff62aa15615 16983->16988 16992 7ff62aa1a9b8 __free_lconv_num 11 API calls 16983->16992 16984->16978 16986 7ff62aa1f910 _fread_nolock MultiByteToWideChar 16984->16986 16985->16979 16990 7ff62aa15666 16986->16990 16991 7ff62aa14f78 _get_daylight 11 API calls 16987->16991 16989 7ff62aa1d66c _fread_nolock 12 API calls 16988->16989 16989->16984 16990->16978 16990->16980 16991->16978 16992->16988 16994 7ff62aa19295 16993->16994 17002 7ff62aa19291 16993->17002 17014 7ff62aa22aac GetEnvironmentStringsW 16994->17014 16997 7ff62aa192ae 17021 7ff62aa193fc 16997->17021 16998 7ff62aa192a2 16999 7ff62aa1a9b8 __free_lconv_num 11 API calls 16998->16999 16999->17002 17002->16614 17006 7ff62aa1963c 17002->17006 17003 7ff62aa1a9b8 __free_lconv_num 11 API calls 17004 7ff62aa192d5 17003->17004 17005 7ff62aa1a9b8 __free_lconv_num 11 API calls 17004->17005 17005->17002 17007 7ff62aa1965f 17006->17007 17012 7ff62aa19676 17006->17012 17007->16614 17008 7ff62aa1ec08 _get_daylight 11 API calls 17008->17012 17009 7ff62aa196ea 17011 7ff62aa1a9b8 __free_lconv_num 11 API 
calls 17009->17011 17010 7ff62aa1f910 MultiByteToWideChar _fread_nolock 17010->17012 17011->17007 17012->17007 17012->17008 17012->17009 17012->17010 17013 7ff62aa1a9b8 __free_lconv_num 11 API calls 17012->17013 17013->17012 17015 7ff62aa1929a 17014->17015 17016 7ff62aa22ad0 17014->17016 17015->16997 17015->16998 17016->17016 17017 7ff62aa1d66c _fread_nolock 12 API calls 17016->17017 17018 7ff62aa22b07 memcpy_s 17017->17018 17019 7ff62aa1a9b8 __free_lconv_num 11 API calls 17018->17019 17020 7ff62aa22b27 FreeEnvironmentStringsW 17019->17020 17020->17015 17022 7ff62aa19424 17021->17022 17023 7ff62aa1ec08 _get_daylight 11 API calls 17022->17023 17024 7ff62aa1945f 17023->17024 17026 7ff62aa194e1 17024->17026 17029 7ff62aa1ec08 _get_daylight 11 API calls 17024->17029 17030 7ff62aa194d0 17024->17030 17032 7ff62aa204e4 37 API calls 17024->17032 17034 7ff62aa19504 17024->17034 17036 7ff62aa1a9b8 __free_lconv_num 11 API calls 17024->17036 17037 7ff62aa19467 17024->17037 17025 7ff62aa1a9b8 __free_lconv_num 11 API calls 17028 7ff62aa192b6 17025->17028 17027 7ff62aa1a9b8 __free_lconv_num 11 API calls 17026->17027 17027->17028 17028->17003 17029->17024 17031 7ff62aa19518 11 API calls 17030->17031 17033 7ff62aa194d8 17031->17033 17032->17024 17035 7ff62aa1a9b8 __free_lconv_num 11 API calls 17033->17035 17038 7ff62aa1a970 _isindst 17 API calls 17034->17038 17035->17037 17036->17024 17037->17025 17039 7ff62aa19516 17038->17039 17041 7ff62aa28ba1 __crtLCMapStringW 17040->17041 17042 7ff62aa2715e 17041->17042 17043 7ff62aa1efd8 6 API calls 17041->17043 17042->16638 17042->16639 17043->17042 19735 7ff62aa0cbc0 19736 7ff62aa0cbd0 19735->19736 19752 7ff62aa19c18 19736->19752 19738 7ff62aa0cbdc 19758 7ff62aa0ceb8 19738->19758 19740 7ff62aa0d19c 7 API calls 19742 7ff62aa0cc75 19740->19742 19741 7ff62aa0cbf4 _RTC_Initialize 19750 7ff62aa0cc49 19741->19750 19763 7ff62aa0d068 19741->19763 19744 7ff62aa0cc09 19766 7ff62aa19084 19744->19766 19750->19740 19751 7ff62aa0cc65 19750->19751 19753 
7ff62aa19c29 19752->19753 19754 7ff62aa14f78 _get_daylight 11 API calls 19753->19754 19757 7ff62aa19c31 19753->19757 19755 7ff62aa19c40 19754->19755 19756 7ff62aa1a950 _invalid_parameter_noinfo 37 API calls 19755->19756 19756->19757 19757->19738 19759 7ff62aa0cec9 19758->19759 19760 7ff62aa0cece __scrt_acquire_startup_lock 19758->19760 19759->19760 19761 7ff62aa0d19c 7 API calls 19759->19761 19760->19741 19762 7ff62aa0cf42 19761->19762 19791 7ff62aa0d02c 19763->19791 19765 7ff62aa0d071 19765->19744 19767 7ff62aa190a4 19766->19767 19789 7ff62aa0cc15 19766->19789 19768 7ff62aa190ac 19767->19768 19769 7ff62aa190c2 GetModuleFileNameW 19767->19769 19770 7ff62aa14f78 _get_daylight 11 API calls 19768->19770 19773 7ff62aa190ed 19769->19773 19771 7ff62aa190b1 19770->19771 19772 7ff62aa1a950 _invalid_parameter_noinfo 37 API calls 19771->19772 19772->19789 19806 7ff62aa19024 19773->19806 19776 7ff62aa1914d 19781 7ff62aa1916f 19776->19781 19783 7ff62aa1919b 19776->19783 19784 7ff62aa191b4 19776->19784 19777 7ff62aa19135 19778 7ff62aa14f78 _get_daylight 11 API calls 19777->19778 19779 7ff62aa1913a 19778->19779 19780 7ff62aa1a9b8 __free_lconv_num 11 API calls 19779->19780 19780->19789 19782 7ff62aa1a9b8 __free_lconv_num 11 API calls 19781->19782 19782->19789 19785 7ff62aa1a9b8 __free_lconv_num 11 API calls 19783->19785 19787 7ff62aa1a9b8 __free_lconv_num 11 API calls 19784->19787 19786 7ff62aa191a4 19785->19786 19788 7ff62aa1a9b8 __free_lconv_num 11 API calls 19786->19788 19787->19781 19788->19789 19789->19750 19790 7ff62aa0d13c InitializeSListHead 19789->19790 19792 7ff62aa0d046 19791->19792 19793 7ff62aa0d03f 19791->19793 19795 7ff62aa1a25c 19792->19795 19793->19765 19798 7ff62aa19e98 19795->19798 19805 7ff62aa20348 EnterCriticalSection 19798->19805 19807 7ff62aa19074 19806->19807 19808 7ff62aa1903c 19806->19808 19807->19776 19807->19777 19808->19807 19809 7ff62aa1ec08 _get_daylight 11 API calls 19808->19809 19810 7ff62aa1906a 19809->19810 19811 7ff62aa1a9b8 __free_lconv_num 
11 API calls 19810->19811 19811->19807 19812 7ff62aa19dc0 19815 7ff62aa19d3c 19812->19815 19822 7ff62aa20348 EnterCriticalSection 19815->19822 20483 7ff62aa1b040 20484 7ff62aa1b045 20483->20484 20488 7ff62aa1b05a 20483->20488 20489 7ff62aa1b060 20484->20489 20490 7ff62aa1b0a2 20489->20490 20493 7ff62aa1b0aa 20489->20493 20491 7ff62aa1a9b8 __free_lconv_num 11 API calls 20490->20491 20491->20493 20492 7ff62aa1a9b8 __free_lconv_num 11 API calls 20494 7ff62aa1b0b7 20492->20494 20493->20492 20495 7ff62aa1a9b8 __free_lconv_num 11 API calls 20494->20495 20496 7ff62aa1b0c4 20495->20496 20497 7ff62aa1a9b8 __free_lconv_num 11 API calls 20496->20497 20498 7ff62aa1b0d1 20497->20498 20499 7ff62aa1a9b8 __free_lconv_num 11 API calls 20498->20499 20500 7ff62aa1b0de 20499->20500 20501 7ff62aa1a9b8 __free_lconv_num 11 API calls 20500->20501 20502 7ff62aa1b0eb 20501->20502 20503 7ff62aa1a9b8 __free_lconv_num 11 API calls 20502->20503 20504 7ff62aa1b0f8 20503->20504 20505 7ff62aa1a9b8 __free_lconv_num 11 API calls 20504->20505 20506 7ff62aa1b105 20505->20506 20507 7ff62aa1a9b8 __free_lconv_num 11 API calls 20506->20507 20508 7ff62aa1b115 20507->20508 20509 7ff62aa1a9b8 __free_lconv_num 11 API calls 20508->20509 20510 7ff62aa1b125 20509->20510 20515 7ff62aa1af04 20510->20515 20529 7ff62aa20348 EnterCriticalSection 20515->20529 17044 7ff62aa0ccac 17065 7ff62aa0ce7c 17044->17065 17047 7ff62aa0cdf8 17219 7ff62aa0d19c IsProcessorFeaturePresent 17047->17219 17048 7ff62aa0ccc8 __scrt_acquire_startup_lock 17050 7ff62aa0ce02 17048->17050 17057 7ff62aa0cce6 __scrt_release_startup_lock 17048->17057 17051 7ff62aa0d19c 7 API calls 17050->17051 17053 7ff62aa0ce0d __CxxCallCatchBlock 17051->17053 17052 7ff62aa0cd0b 17054 7ff62aa0cd91 17071 7ff62aa0d2e4 17054->17071 17056 7ff62aa0cd96 17074 7ff62aa01000 17056->17074 17057->17052 17057->17054 17208 7ff62aa19b9c 17057->17208 17062 7ff62aa0cdb9 17062->17053 17215 7ff62aa0d000 17062->17215 17066 7ff62aa0ce84 17065->17066 17067 7ff62aa0ce90 
__scrt_dllmain_crt_thread_attach 17066->17067 17068 7ff62aa0ce9d 17067->17068 17069 7ff62aa0ccc0 17067->17069 17068->17069 17226 7ff62aa0d8f8 17068->17226 17069->17047 17069->17048 17072 7ff62aa2a540 memcpy_s 17071->17072 17073 7ff62aa0d2fb GetStartupInfoW 17072->17073 17073->17056 17075 7ff62aa01009 17074->17075 17253 7ff62aa154f4 17075->17253 17077 7ff62aa037fb 17260 7ff62aa036b0 17077->17260 17082 7ff62aa0c5c0 _log10_special 8 API calls 17085 7ff62aa03ca7 17082->17085 17083 7ff62aa0383c 17427 7ff62aa01c80 17083->17427 17084 7ff62aa0391b 17436 7ff62aa045b0 17084->17436 17213 7ff62aa0d328 GetModuleHandleW 17085->17213 17088 7ff62aa0385b 17332 7ff62aa08a20 17088->17332 17091 7ff62aa0396a 17459 7ff62aa02710 17091->17459 17094 7ff62aa0388e 17102 7ff62aa038bb __vcrt_freefls 17094->17102 17431 7ff62aa08b90 17094->17431 17095 7ff62aa0395d 17096 7ff62aa03984 17095->17096 17097 7ff62aa03962 17095->17097 17099 7ff62aa01c80 49 API calls 17096->17099 17455 7ff62aa100bc 17097->17455 17101 7ff62aa039a3 17099->17101 17107 7ff62aa01950 115 API calls 17101->17107 17103 7ff62aa08a20 14 API calls 17102->17103 17110 7ff62aa038de __vcrt_freefls 17102->17110 17103->17110 17104 7ff62aa08b30 40 API calls 17105 7ff62aa03a0b 17104->17105 17106 7ff62aa08b90 40 API calls 17105->17106 17108 7ff62aa03a17 17106->17108 17109 7ff62aa039ce 17107->17109 17111 7ff62aa08b90 40 API calls 17108->17111 17109->17088 17112 7ff62aa039de 17109->17112 17110->17104 17116 7ff62aa0390e __vcrt_freefls 17110->17116 17113 7ff62aa03a23 17111->17113 17114 7ff62aa02710 54 API calls 17112->17114 17115 7ff62aa08b90 40 API calls 17113->17115 17156 7ff62aa03808 __vcrt_freefls 17114->17156 17115->17116 17117 7ff62aa08a20 14 API calls 17116->17117 17118 7ff62aa03a3b 17117->17118 17119 7ff62aa03a60 __vcrt_freefls 17118->17119 17120 7ff62aa03b2f 17118->17120 17133 7ff62aa03aab 17119->17133 17345 7ff62aa08b30 17119->17345 17121 7ff62aa02710 54 API calls 17120->17121 17121->17156 17123 7ff62aa08a20 14 API calls 17124 
7ff62aa03bf4 __vcrt_freefls 17123->17124 17125 7ff62aa03d41 17124->17125 17126 7ff62aa03c46 17124->17126 17470 7ff62aa044d0 17125->17470 17127 7ff62aa03cd4 17126->17127 17128 7ff62aa03c50 17126->17128 17131 7ff62aa08a20 14 API calls 17127->17131 17352 7ff62aa090e0 17128->17352 17135 7ff62aa03ce0 17131->17135 17132 7ff62aa03d4f 17136 7ff62aa03d65 17132->17136 17137 7ff62aa03d71 17132->17137 17133->17123 17138 7ff62aa03c61 17135->17138 17141 7ff62aa03ced 17135->17141 17473 7ff62aa04620 17136->17473 17140 7ff62aa01c80 49 API calls 17137->17140 17143 7ff62aa02710 54 API calls 17138->17143 17150 7ff62aa03cc8 __vcrt_freefls 17140->17150 17144 7ff62aa01c80 49 API calls 17141->17144 17143->17156 17147 7ff62aa03d0b 17144->17147 17145 7ff62aa03dc4 17402 7ff62aa09400 17145->17402 17149 7ff62aa03d12 17147->17149 17147->17150 17154 7ff62aa02710 54 API calls 17149->17154 17150->17145 17151 7ff62aa03da7 SetDllDirectoryW LoadLibraryExW 17150->17151 17151->17145 17152 7ff62aa03dd7 SetDllDirectoryW 17155 7ff62aa03e0a 17152->17155 17199 7ff62aa03e5a 17152->17199 17154->17156 17157 7ff62aa08a20 14 API calls 17155->17157 17156->17082 17165 7ff62aa03e16 __vcrt_freefls 17157->17165 17158 7ff62aa03ffc 17159 7ff62aa04029 17158->17159 17160 7ff62aa04006 PostMessageW GetMessageW 17158->17160 17550 7ff62aa03360 17159->17550 17160->17159 17161 7ff62aa03f1b 17407 7ff62aa033c0 17161->17407 17168 7ff62aa03ef2 17165->17168 17172 7ff62aa03e4e 17165->17172 17171 7ff62aa08b30 40 API calls 17168->17171 17171->17199 17172->17199 17476 7ff62aa06db0 17172->17476 17199->17158 17199->17161 17209 7ff62aa19bb3 17208->17209 17210 7ff62aa19bd4 17208->17210 17209->17054 19469 7ff62aa1a448 17210->19469 17214 7ff62aa0d339 17213->17214 17214->17062 17217 7ff62aa0d011 17215->17217 17216 7ff62aa0cdd0 17216->17052 17217->17216 17218 7ff62aa0d8f8 7 API calls 17217->17218 17218->17216 17220 7ff62aa0d1c2 __CxxCallCatchBlock memcpy_s 17219->17220 17221 7ff62aa0d1e1 RtlCaptureContext RtlLookupFunctionEntry 17220->17221 
17222 7ff62aa0d246 memcpy_s 17221->17222 17223 7ff62aa0d20a RtlVirtualUnwind 17221->17223 17224 7ff62aa0d278 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 17222->17224 17223->17222 17225 7ff62aa0d2c6 __CxxCallCatchBlock 17224->17225 17225->17050 17227 7ff62aa0d90a 17226->17227 17228 7ff62aa0d900 17226->17228 17227->17069 17232 7ff62aa0dc94 17228->17232 17233 7ff62aa0d905 17232->17233 17234 7ff62aa0dca3 17232->17234 17236 7ff62aa0dd00 17233->17236 17240 7ff62aa0ded0 17234->17240 17237 7ff62aa0dd2b 17236->17237 17238 7ff62aa0dd0e DeleteCriticalSection 17237->17238 17239 7ff62aa0dd2f 17237->17239 17238->17237 17239->17227 17244 7ff62aa0dd38 17240->17244 17245 7ff62aa0de22 TlsFree 17244->17245 17250 7ff62aa0dd7c __vcrt_FlsAlloc 17244->17250 17246 7ff62aa0ddaa LoadLibraryExW 17248 7ff62aa0de49 17246->17248 17249 7ff62aa0ddcb GetLastError 17246->17249 17247 7ff62aa0de69 GetProcAddress 17247->17245 17248->17247 17251 7ff62aa0de60 FreeLibrary 17248->17251 17249->17250 17250->17245 17250->17246 17250->17247 17252 7ff62aa0dded LoadLibraryExW 17250->17252 17251->17247 17252->17248 17252->17250 17256 7ff62aa1f4f0 17253->17256 17254 7ff62aa1f543 17255 7ff62aa1a884 _invalid_parameter_noinfo 37 API calls 17254->17255 17259 7ff62aa1f56c 17255->17259 17256->17254 17257 7ff62aa1f596 17256->17257 17563 7ff62aa1f3c8 17257->17563 17259->17077 17571 7ff62aa0c8c0 17260->17571 17263 7ff62aa03710 17573 7ff62aa092f0 FindFirstFileExW 17263->17573 17264 7ff62aa036eb GetLastError 17578 7ff62aa02c50 17264->17578 17267 7ff62aa03706 17272 7ff62aa0c5c0 _log10_special 8 API calls 17267->17272 17269 7ff62aa03723 17593 7ff62aa09370 CreateFileW 17269->17593 17270 7ff62aa0377d 17604 7ff62aa094b0 17270->17604 17275 7ff62aa037b5 17272->17275 17274 7ff62aa0378b 17274->17267 17279 7ff62aa02810 49 API calls 17274->17279 17275->17156 17282 7ff62aa01950 17275->17282 17277 7ff62aa03734 17596 7ff62aa02810 17277->17596 17278 7ff62aa0374c __vcrt_FlsAlloc 17278->17270 17279->17267 17283 
7ff62aa045b0 108 API calls 17282->17283 17284 7ff62aa01985 17283->17284 17285 7ff62aa07f80 83 API calls 17284->17285 17292 7ff62aa01c43 17284->17292 17287 7ff62aa019cb 17285->17287 17286 7ff62aa0c5c0 _log10_special 8 API calls 17288 7ff62aa01c5e 17286->17288 17331 7ff62aa01a03 17287->17331 17949 7ff62aa10744 17287->17949 17288->17083 17288->17084 17290 7ff62aa100bc 74 API calls 17290->17292 17291 7ff62aa019e5 17293 7ff62aa019e9 17291->17293 17294 7ff62aa01a08 17291->17294 17292->17286 17295 7ff62aa14f78 _get_daylight 11 API calls 17293->17295 17953 7ff62aa1040c 17294->17953 17297 7ff62aa019ee 17295->17297 17956 7ff62aa02910 17297->17956 17299 7ff62aa01a45 17305 7ff62aa01a5c 17299->17305 17306 7ff62aa01a7b 17299->17306 17300 7ff62aa01a26 17302 7ff62aa14f78 _get_daylight 11 API calls 17300->17302 17303 7ff62aa01a2b 17302->17303 17304 7ff62aa02910 54 API calls 17303->17304 17304->17331 17307 7ff62aa14f78 _get_daylight 11 API calls 17305->17307 17308 7ff62aa01c80 49 API calls 17306->17308 17309 7ff62aa01a61 17307->17309 17310 7ff62aa01a92 17308->17310 17312 7ff62aa02910 54 API calls 17309->17312 17311 7ff62aa01c80 49 API calls 17310->17311 17313 7ff62aa01add 17311->17313 17312->17331 17314 7ff62aa10744 73 API calls 17313->17314 17315 7ff62aa01b01 17314->17315 17316 7ff62aa01b35 17315->17316 17317 7ff62aa01b16 17315->17317 17319 7ff62aa1040c _fread_nolock 53 API calls 17316->17319 17318 7ff62aa14f78 _get_daylight 11 API calls 17317->17318 17320 7ff62aa01b1b 17318->17320 17321 7ff62aa01b4a 17319->17321 17322 7ff62aa02910 54 API calls 17320->17322 17323 7ff62aa01b50 17321->17323 17324 7ff62aa01b6f 17321->17324 17322->17331 17326 7ff62aa14f78 _get_daylight 11 API calls 17323->17326 17971 7ff62aa10180 17324->17971 17327 7ff62aa01b55 17326->17327 17329 7ff62aa02910 54 API calls 17327->17329 17329->17331 17330 7ff62aa02710 54 API calls 17330->17331 17331->17290 17333 7ff62aa08a2a 17332->17333 17334 7ff62aa09400 2 API calls 17333->17334 17335 7ff62aa08a49 
GetEnvironmentVariableW 17334->17335 17336 7ff62aa08a66 ExpandEnvironmentStringsW 17335->17336 17337 7ff62aa08ab2 17335->17337 17336->17337 17339 7ff62aa08a88 17336->17339 17338 7ff62aa0c5c0 _log10_special 8 API calls 17337->17338 17341 7ff62aa08ac4 17338->17341 17340 7ff62aa094b0 2 API calls 17339->17340 17342 7ff62aa08a9a 17340->17342 17341->17094 17343 7ff62aa0c5c0 _log10_special 8 API calls 17342->17343 17344 7ff62aa08aaa 17343->17344 17344->17094 17346 7ff62aa09400 2 API calls 17345->17346 17347 7ff62aa08b4c 17346->17347 17348 7ff62aa09400 2 API calls 17347->17348 17349 7ff62aa08b5c 17348->17349 18186 7ff62aa182a8 17349->18186 17351 7ff62aa08b6a __vcrt_freefls 17351->17133 17353 7ff62aa090f5 17352->17353 18204 7ff62aa08760 GetCurrentProcess OpenProcessToken 17353->18204 17356 7ff62aa08760 7 API calls 17357 7ff62aa09121 17356->17357 17358 7ff62aa0913a 17357->17358 17359 7ff62aa09154 17357->17359 17360 7ff62aa026b0 48 API calls 17358->17360 17361 7ff62aa026b0 48 API calls 17359->17361 17362 7ff62aa09152 17360->17362 17363 7ff62aa09167 LocalFree LocalFree 17361->17363 17362->17363 17364 7ff62aa09183 17363->17364 17367 7ff62aa0918f 17363->17367 18214 7ff62aa02b50 17364->18214 17366 7ff62aa0c5c0 _log10_special 8 API calls 17368 7ff62aa03c55 17366->17368 17367->17366 17368->17138 17369 7ff62aa08850 17368->17369 17370 7ff62aa08868 17369->17370 17371 7ff62aa088ea GetTempPathW GetCurrentProcessId 17370->17371 17372 7ff62aa0888c 17370->17372 18223 7ff62aa025c0 17371->18223 17374 7ff62aa08a20 14 API calls 17372->17374 17375 7ff62aa08898 17374->17375 18230 7ff62aa081c0 17375->18230 17382 7ff62aa08918 __vcrt_freefls 17388 7ff62aa08955 __vcrt_freefls 17382->17388 18227 7ff62aa18bd8 17382->18227 17393 7ff62aa09400 2 API calls 17388->17393 17401 7ff62aa089c4 __vcrt_freefls 17388->17401 17394 7ff62aa089a1 17393->17394 17403 7ff62aa09422 MultiByteToWideChar 17402->17403 17405 7ff62aa09446 17402->17405 17403->17405 17406 7ff62aa0945c __vcrt_freefls 17403->17406 17404 
7ff62aa09463 MultiByteToWideChar 17404->17406 17405->17404 17405->17406 17406->17152 17418 7ff62aa033ce memcpy_s 17407->17418 17408 7ff62aa035c7 17409 7ff62aa0c5c0 _log10_special 8 API calls 17408->17409 17410 7ff62aa03664 17409->17410 17410->17156 17426 7ff62aa090c0 LocalFree 17410->17426 17412 7ff62aa01c80 49 API calls 17412->17418 17413 7ff62aa035e2 17415 7ff62aa02710 54 API calls 17413->17415 17415->17408 17418->17408 17418->17412 17418->17413 17419 7ff62aa035c9 17418->17419 17420 7ff62aa02a50 54 API calls 17418->17420 17424 7ff62aa035d0 17418->17424 18392 7ff62aa04550 17418->18392 18398 7ff62aa07e10 17418->18398 18409 7ff62aa01600 17418->18409 18457 7ff62aa07110 17418->18457 18461 7ff62aa04180 17418->18461 18505 7ff62aa04440 17418->18505 17421 7ff62aa02710 54 API calls 17419->17421 17420->17418 17421->17408 17425 7ff62aa02710 54 API calls 17424->17425 17425->17408 17428 7ff62aa01ca5 17427->17428 17429 7ff62aa149f4 49 API calls 17428->17429 17430 7ff62aa01cc8 17429->17430 17430->17088 17432 7ff62aa09400 2 API calls 17431->17432 17433 7ff62aa08ba4 17432->17433 17434 7ff62aa182a8 38 API calls 17433->17434 17435 7ff62aa08bb6 __vcrt_freefls 17434->17435 17435->17102 17437 7ff62aa045bc 17436->17437 17438 7ff62aa09400 2 API calls 17437->17438 17439 7ff62aa045e4 17438->17439 17440 7ff62aa09400 2 API calls 17439->17440 17441 7ff62aa045f7 17440->17441 18672 7ff62aa16004 17441->18672 17444 7ff62aa0c5c0 _log10_special 8 API calls 17445 7ff62aa0392b 17444->17445 17445->17091 17446 7ff62aa07f80 17445->17446 17447 7ff62aa07fa4 17446->17447 17448 7ff62aa10744 73 API calls 17447->17448 17453 7ff62aa0807b __vcrt_freefls 17447->17453 17449 7ff62aa07fc0 17448->17449 17449->17453 19063 7ff62aa17938 17449->19063 17451 7ff62aa10744 73 API calls 17454 7ff62aa07fd5 17451->17454 17452 7ff62aa1040c _fread_nolock 53 API calls 17452->17454 17453->17095 17454->17451 17454->17452 17454->17453 17456 7ff62aa100ec 17455->17456 19078 7ff62aa0fe98 17456->19078 17458 7ff62aa10105 17458->17091 
17460 7ff62aa0c8c0 17459->17460 17461 7ff62aa02734 GetCurrentProcessId 17460->17461 17462 7ff62aa01c80 49 API calls 17461->17462 17463 7ff62aa02787 17462->17463 17464 7ff62aa149f4 49 API calls 17463->17464 17465 7ff62aa027cf 17464->17465 17466 7ff62aa02620 12 API calls 17465->17466 17467 7ff62aa027f1 17466->17467 17468 7ff62aa0c5c0 _log10_special 8 API calls 17467->17468 17469 7ff62aa02801 17468->17469 17469->17156 17471 7ff62aa01c80 49 API calls 17470->17471 17472 7ff62aa044ed 17471->17472 17472->17132 17474 7ff62aa01c80 49 API calls 17473->17474 17475 7ff62aa04650 17474->17475 17475->17150 17477 7ff62aa06dc5 17476->17477 17478 7ff62aa03e6c 17477->17478 17479 7ff62aa14f78 _get_daylight 11 API calls 17477->17479 17482 7ff62aa07330 17478->17482 17480 7ff62aa06dd2 17479->17480 17481 7ff62aa02910 54 API calls 17480->17481 17481->17478 19089 7ff62aa01470 17482->19089 19195 7ff62aa06350 17550->19195 17570 7ff62aa154dc EnterCriticalSection 17563->17570 17572 7ff62aa036bc GetModuleFileNameW 17571->17572 17572->17263 17572->17264 17574 7ff62aa0932f FindClose 17573->17574 17575 7ff62aa09342 17573->17575 17574->17575 17576 7ff62aa0c5c0 _log10_special 8 API calls 17575->17576 17577 7ff62aa0371a 17576->17577 17577->17269 17577->17270 17579 7ff62aa0c8c0 17578->17579 17580 7ff62aa02c70 GetCurrentProcessId 17579->17580 17609 7ff62aa026b0 17580->17609 17582 7ff62aa02cb9 17613 7ff62aa14c48 17582->17613 17585 7ff62aa026b0 48 API calls 17586 7ff62aa02d34 FormatMessageW 17585->17586 17588 7ff62aa02d7f MessageBoxW 17586->17588 17589 7ff62aa02d6d 17586->17589 17591 7ff62aa0c5c0 _log10_special 8 API calls 17588->17591 17590 7ff62aa026b0 48 API calls 17589->17590 17590->17588 17592 7ff62aa02daf 17591->17592 17592->17267 17594 7ff62aa03730 17593->17594 17595 7ff62aa093b0 GetFinalPathNameByHandleW CloseHandle 17593->17595 17594->17277 17594->17278 17595->17594 17597 7ff62aa02834 17596->17597 17598 7ff62aa026b0 48 API calls 17597->17598 17599 7ff62aa02887 17598->17599 17600 7ff62aa14c48 48 
API calls 17599->17600 17601 7ff62aa028d0 MessageBoxW 17600->17601 17602 7ff62aa0c5c0 _log10_special 8 API calls 17601->17602 17603 7ff62aa02900 17602->17603 17603->17267 17605 7ff62aa094da WideCharToMultiByte 17604->17605 17608 7ff62aa09505 17604->17608 17606 7ff62aa0951b __vcrt_freefls 17605->17606 17605->17608 17606->17274 17607 7ff62aa09522 WideCharToMultiByte 17607->17606 17608->17606 17608->17607 17610 7ff62aa026d5 17609->17610 17611 7ff62aa14c48 48 API calls 17610->17611 17612 7ff62aa026f8 17611->17612 17612->17582 17616 7ff62aa14ca2 17613->17616 17614 7ff62aa14cc7 17615 7ff62aa1a884 _invalid_parameter_noinfo 37 API calls 17614->17615 17630 7ff62aa14cf1 17615->17630 17616->17614 17617 7ff62aa14d03 17616->17617 17631 7ff62aa13000 17617->17631 17619 7ff62aa1a9b8 __free_lconv_num 11 API calls 17619->17630 17621 7ff62aa0c5c0 _log10_special 8 API calls 17622 7ff62aa02d04 17621->17622 17622->17585 17623 7ff62aa14de4 17623->17619 17624 7ff62aa14db9 17626 7ff62aa1a9b8 __free_lconv_num 11 API calls 17624->17626 17625 7ff62aa14e0a 17625->17623 17628 7ff62aa14e14 17625->17628 17626->17630 17627 7ff62aa14db0 17627->17623 17627->17624 17629 7ff62aa1a9b8 __free_lconv_num 11 API calls 17628->17629 17629->17630 17630->17621 17632 7ff62aa1303e 17631->17632 17633 7ff62aa1302e 17631->17633 17634 7ff62aa13047 17632->17634 17638 7ff62aa13075 17632->17638 17635 7ff62aa1a884 _invalid_parameter_noinfo 37 API calls 17633->17635 17636 7ff62aa1a884 _invalid_parameter_noinfo 37 API calls 17634->17636 17637 7ff62aa1306d 17635->17637 17636->17637 17637->17623 17637->17624 17637->17625 17637->17627 17638->17633 17638->17637 17642 7ff62aa13a14 17638->17642 17675 7ff62aa13460 17638->17675 17712 7ff62aa12bf0 17638->17712 17643 7ff62aa13a56 17642->17643 17644 7ff62aa13ac7 17642->17644 17646 7ff62aa13a5c 17643->17646 17648 7ff62aa13af1 17643->17648 17645 7ff62aa13acc 17644->17645 17647 7ff62aa13b20 17644->17647 17651 7ff62aa13b01 17645->17651 17653 7ff62aa13ace 17645->17653 17649 7ff62aa13a90 
7ff62aa1b26d SetLastError 16278 7ff62aa14ffb 16276->16278 16279 7ff62aa1b28d 16276->16279 16280 7ff62aa1b222 16277->16280 16293 7ff62aa1d9f4 16278->16293 16301 7ff62aa1a574 16279->16301 16282 7ff62aa1b240 FlsSetValue 16280->16282 16283 7ff62aa1b230 FlsSetValue 16280->16283 16286 7ff62aa1b24c FlsSetValue 16282->16286 16287 7ff62aa1b25e 16282->16287 16285 7ff62aa1b239 16283->16285 16289 7ff62aa1a9b8 __free_lconv_num 11 API calls 16285->16289 16286->16285 16288 7ff62aa1af64 _get_daylight 11 API calls 16287->16288 16290 7ff62aa1b266 16288->16290 16289->16291 16292 7ff62aa1a9b8 __free_lconv_num 11 API calls 16290->16292 16291->16276 16292->16276 16294 7ff62aa1501e 16293->16294 16295 7ff62aa1da09 16293->16295 16297 7ff62aa1da60 16294->16297 16295->16294 16345 7ff62aa23374 16295->16345 16298 7ff62aa1da88 16297->16298 16299 7ff62aa1da75 16297->16299 16298->16270 16299->16298 16358 7ff62aa226c0 16299->16358 16310 7ff62aa236c0 16301->16310 16336 7ff62aa23678 16310->16336 16341 7ff62aa20348 EnterCriticalSection 16336->16341 16346 7ff62aa1b1c0 __CxxCallCatchBlock 45 API calls 16345->16346 16347 7ff62aa23383 16346->16347 16348 7ff62aa233ce 16347->16348 16357 7ff62aa20348 EnterCriticalSection 16347->16357 16348->16294 16359 7ff62aa1b1c0 __CxxCallCatchBlock 45 API calls 16358->16359 16360 7ff62aa226c9 16359->16360 20178 7ff62aa21720 20189 7ff62aa27454 20178->20189 20191 7ff62aa27461 20189->20191 20190 7ff62aa1a9b8 __free_lconv_num 11 API calls 20190->20191 20191->20190 20192 7ff62aa2747d 20191->20192 20193 7ff62aa1a9b8 __free_lconv_num 11 API calls 20192->20193 20194 7ff62aa21729 20192->20194 20193->20192 20195 7ff62aa20348 EnterCriticalSection 20194->20195 19946 7ff62aa1c590 19957 7ff62aa20348 EnterCriticalSection 19946->19957 19474 7ff62aa1f9fc 19475 7ff62aa1fbee 19474->19475 19478 7ff62aa1fa3e _isindst 19474->19478 19476 7ff62aa14f78 _get_daylight 11 API calls 19475->19476 19494 7ff62aa1fbde 19476->19494 19477 7ff62aa0c5c0 _log10_special 8 API calls 19479 7ff62aa1fc09 
19477->19479 19478->19475 19480 7ff62aa1fabe _isindst 19478->19480 19495 7ff62aa26204 19480->19495 19485 7ff62aa1fc1a 19487 7ff62aa1a970 _isindst 17 API calls 19485->19487 19489 7ff62aa1fc2e 19487->19489 19492 7ff62aa1fb1b 19492->19494 19519 7ff62aa26248 19492->19519 19494->19477 19496 7ff62aa26213 19495->19496 19500 7ff62aa1fadc 19495->19500 19526 7ff62aa20348 EnterCriticalSection 19496->19526 19501 7ff62aa25608 19500->19501 19502 7ff62aa1faf1 19501->19502 19503 7ff62aa25611 19501->19503 19502->19485 19507 7ff62aa25638 19502->19507 19504 7ff62aa14f78 _get_daylight 11 API calls 19503->19504 19505 7ff62aa25616 19504->19505 19506 7ff62aa1a950 _invalid_parameter_noinfo 37 API calls 19505->19506 19506->19502 19508 7ff62aa25641 19507->19508 19512 7ff62aa1fb02 19507->19512 19509 7ff62aa14f78 _get_daylight 11 API calls 19508->19509 19510 7ff62aa25646 19509->19510 19511 7ff62aa1a950 _invalid_parameter_noinfo 37 API calls 19510->19511 19511->19512 19512->19485 19513 7ff62aa25668 19512->19513 19514 7ff62aa1fb13 19513->19514 19515 7ff62aa25671 19513->19515 19514->19485 19514->19492 19516 7ff62aa14f78 _get_daylight 11 API calls 19515->19516 19517 7ff62aa25676 19516->19517 19518 7ff62aa1a950 _invalid_parameter_noinfo 37 API calls 19517->19518 19518->19514 19527 7ff62aa20348 EnterCriticalSection 19519->19527 20647 7ff62aa15480 20648 7ff62aa1548b 20647->20648 20656 7ff62aa1f314 20648->20656 20669 7ff62aa20348 EnterCriticalSection 20656->20669

Control-flow Graph

[Control-flow graph; first node 0 at 7ff62aa08bd0-7ff62aa08d16; legend: Executed / Not Executed]
Memory Dump Source
• Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: b7a4932a52feb708b8ea0b51aaf8ce2c775f284b76526e1786e32d0b21f151a5
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: E2D19132A09B8286EF108F75EC542AD3760FF88B58F404275DA5D83AA8DFBCE556C705

Control-flow Graph

[Control-flow graph; first node 62 at 7ff62aa01000-7ff62aa03806; legend: Executed / Not Executed]
Memory Dump Source
• Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
Similarity
• API ID: ErrorFileLastModuleName
• String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
• API String ID: 2776309574-4232158417
• Opcode ID: 230e5f2fbe18b706386c2e6c5de042c78cdf1bdf29ac743ce162c0a9040f007d
• Instruction ID: 67b040012f8869bf0cc3721e0bd71b5772ac42cefd55264ded25eb8e612ad576
• Opcode Fuzzy Hash: 230e5f2fbe18b706386c2e6c5de042c78cdf1bdf29ac743ce162c0a9040f007d
• Instruction Fuzzy Hash: 91329D21A0CB8291FF259B25DC543F967A1AF45784F8440F2DA4DC36C2EFACE56AC312

Control-flow Graph

[Control-flow graph; first node 477 at 7ff62aa25c70-7ff62aa25cab; legend: Executed / Not Executed]
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF62AA25CB5
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA25608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62AA2561C
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA1A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF62AA22D92,?,?,?,00007FF62AA22DCF,?,?,00000000,00007FF62AA23295,?,?,?,00007FF62AA231C7), ref: 00007FF62AA1A9CE
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA1A9B8: GetLastError.KERNEL32(?,?,?,00007FF62AA22D92,?,?,?,00007FF62AA22DCF,?,?,00000000,00007FF62AA23295,?,?,?,00007FF62AA231C7), ref: 00007FF62AA1A9D8
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA1A970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF62AA1A94F,?,?,?,?,?,00007FF62AA1A83A), ref: 00007FF62AA1A979
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA1A970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF62AA1A94F,?,?,?,?,?,00007FF62AA1A83A), ref: 00007FF62AA1A99E
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF62AA25CA4
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA25668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62AA2567C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF62AA25F1A
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF62AA25F2B
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF62AA25F3C
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62AA2617C), ref: 00007FF62AA25F63
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                        • API String ID: 4070488512-239921721
                                                                                                                                                                                                                        • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                        • Instruction ID: eed15ace22f759e915e3a0422ebd43c80f8148b39e7da3977f467558441e0765
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9DD1C132A0824386EF20DF26DC511B96761FF44794F448076EA4DC7A95EFBCE4628742

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                        • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                        • Instruction ID: f61182b1fbfb81ec90ba41fc52b128f786f05fd2267b8303c2aac27ae53aff09
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72C1B132B29A4586EF10CF69C8906AC3761EB49B98F015275DF2E97BD4CF78D462C301

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF62AA25F1A
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA25668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62AA2567C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF62AA25F2B
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA25608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62AA2561C
                                                                                                                                                                                                                        • _get_daylight.LIBCMT ref: 00007FF62AA25F3C
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA25638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62AA2564C
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA1A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF62AA22D92,?,?,?,00007FF62AA22DCF,?,?,00000000,00007FF62AA23295,?,?,?,00007FF62AA231C7), ref: 00007FF62AA1A9CE
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA1A9B8: GetLastError.KERNEL32(?,?,?,00007FF62AA22D92,?,?,?,00007FF62AA22DCF,?,?,00000000,00007FF62AA23295,?,?,?,00007FF62AA231C7), ref: 00007FF62AA1A9D8
                                                                                                                                                                                                                        • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF62AA2617C), ref: 00007FF62AA25F63
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                                        • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                                        • API String ID: 3458911817-239921721
                                                                                                                                                                                                                        • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                        • Instruction ID: c82f70dc870a747dd9a0efbc90c9296ee66fe3794b494317cd33d03347c980a5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF51B432A0864286EB20DF26EC915B97760FF48784F4491B9EA4DC3F96DFBCE4528741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1010374628-0

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA07F80: _fread_nolock.LIBCMT ref: 00007FF62AA0802A
                                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF62AA01A1B
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62AA01B6A), ref: 00007FF62AA0295E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 2397952137-3497178890

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                                        • API String ID: 2050909247-1550345328

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetTempPathW.KERNEL32(?,?,00000000,00007FF62AA03CBB), ref: 00007FF62AA088F4
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00007FF62AA03CBB), ref: 00007FF62AA088FA
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(?,00000000,00007FF62AA03CBB), ref: 00007FF62AA0893C
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08A20: GetEnvironmentVariableW.KERNEL32(00007FF62AA0388E), ref: 00007FF62AA08A57
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF62AA08A79
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA182A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF62AA182C1
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02810: MessageBoxW.USER32 ref: 00007FF62AA028EA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                                        • API String ID: 3563477958-1339014028
                                                                                                                                                                                                                        • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                        • Instruction ID: a67de1898bd0bc4223c826248eb5a7a01dc6fecd4a7093b3ece7d82b2da0e5e2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A41B111A0974255FF20EB26AC553BA2390AF89BC0F5400B1ED0DC77DADEBCE5078342

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                        • API String ID: 2050909247-2813020118
                                                                                                                                                                                                                        • Opcode ID: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
                                                                                                                                                                                                                        • Instruction ID: fa199e5d8f1a8889b9edddd7211cd4dac33998ca9f0bef0c518d17a1def88db5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 15fc9c742c9fb12a8c4ab664e8e5c311509e27342d3a39e207e1bde7a43e7c65
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF51D262A0964246EF609B16EC403FA6290BF85B94F444171EE4DC7BD5EEBCE54BC302

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF62AA03804), ref: 00007FF62AA036E1
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA03804), ref: 00007FF62AA036EB
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62AA03706,?,00007FF62AA03804), ref: 00007FF62AA02C9E
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62AA03706,?,00007FF62AA03804), ref: 00007FF62AA02D63
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02C50: MessageBoxW.USER32 ref: 00007FF62AA02D99
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                        • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                        • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                        • Instruction ID: 7eaeb93e02ae426c6a7bfbe813f5e98965e7abd4161fc4bae11e3f29ac39567e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C21AE61B0CA4291FF20DB21EC403BA6250BF98384F8041B2E65DC2AD5EEACE10AC742

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                                        • Instruction ID: b8e61f9a64087efe2799cc889ae53e3c82edbb4b47c42c0dd187d216029b3b95
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3C1F422A0D786A2EF618B1998406BD7760EF81B80F5541B5EB4E877D1CFFCE8478302

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 995526605-0
                                                                                                                                                                                                                        • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                                        • Instruction ID: 362d3eeed8fcc967aa81bba1a762f61aa65e6d3a159b9d0d55b3c9c038ee2cc8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14215E21A0C64242EF509B65F85427AB7A0FF857E0F104275EAAD83BE4DEACD45A8741

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08760: GetCurrentProcess.KERNEL32 ref: 00007FF62AA08780
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08760: OpenProcessToken.ADVAPI32 ref: 00007FF62AA08793
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08760: GetTokenInformation.KERNELBASE ref: 00007FF62AA087B8
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08760: GetLastError.KERNEL32 ref: 00007FF62AA087C2
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08760: GetTokenInformation.KERNELBASE ref: 00007FF62AA08802
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF62AA0881E
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA08760: CloseHandle.KERNEL32 ref: 00007FF62AA08836
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF62AA03C55), ref: 00007FF62AA0916C
                                                                                                                                                                                                                        • LocalFree.KERNEL32(?,00007FF62AA03C55), ref: 00007FF62AA09175
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                                        • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                                        • API String ID: 6828938-1529539262
                                                                                                                                                                                                                        • Opcode ID: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                                        • Instruction ID: 8779dc9540cafcd61adab91acbda66e73b6de16c9131c92137a30a7008894ed5
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24211E21A0874286FB50AB21ED153FA6361FF98780F4440B5EA4DD3B96DFBCD5468742

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CreateDirectoryW.KERNELBASE(00000000,?,00007FF62AA0352C,?,00000000,00007FF62AA03F23), ref: 00007FF62AA07F22
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CreateDirectory
                                                                                                                                                                                                                        • String ID: %.*s$%s%c$\
                                                                                                                                                                                                                        • API String ID: 4241100979-1685191245
                                                                                                                                                                                                                        • Opcode ID: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                                        • Instruction ID: 09688cbd9eb6817f0de931b73886e9c4b3e8a75c3dc9404004dc3d3d3cb775bf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F31D021A19AC185EF218B21EC503EA6354EF84BE0F044271EE6D83BC9DFBCD646C701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62AA1CFBB), ref: 00007FF62AA1D0EC
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62AA1CFBB), ref: 00007FF62AA1D177
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 953036326-0
                                                                                                                                                                                                                        • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                        • Instruction ID: d5cfe8f916ae5fc7f32f52c3bb10000c5315f3e71cca7c919c02703ed5f6ca9b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B391B372F18752A9FF609F659C402BD6BA0AF44B88F1441B9DE0E97A85DEBCD443C702
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_isindst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4170891091-0
                                                                                                                                                                                                                        • Opcode ID: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                                        • Instruction ID: f86ceb489f148866e4097fc02e38a88f40efef4b8e2074c9a49b2606e7b2d67f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4d98307b2f9efdc6516e3695475c092fba069f5f92b05f4e8f1f7e1348ba3a44
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D351E372F082529AEF24DF249D916BC67A1AF04358F500177DE1ED2AE5DF7CA4438701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2780335769-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62AA158A9), ref: 00007FF62AA159C7
                                                                                                                                                                                                                        • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF62AA158A9), ref: 00007FF62AA159DD
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1707611234-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • RtlFreeHeap.NTDLL(?,?,?,00007FF62AA22D92,?,?,?,00007FF62AA22DCF,?,?,00000000,00007FF62AA23295,?,?,?,00007FF62AA231C7), ref: 00007FF62AA1A9CE
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF62AA22D92,?,?,?,00007FF62AA22DCF,?,?,00000000,00007FF62AA23295,?,?,?,00007FF62AA231C7), ref: 00007FF62AA1A9D8
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 485612231-0
                                                                                                                                                                                                                        • Opcode ID: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                        • Instruction ID: 69b27ce03a78046f164676079b2fb88786cc07316a8bdc369caef37983132383
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4768bb9444967098c6ff0662bce39d003f3d6bed11959a3c87c06bce48e858a7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16E08690F0920363FF145BB26C451781150AF84B40F0440B0D91DC62A1EEAC68978312
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CloseHandle.KERNELBASE(?,?,?,00007FF62AA1AA45,?,?,00000000,00007FF62AA1AAFA), ref: 00007FF62AA1AC36
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF62AA1AA45,?,?,00000000,00007FF62AA1AAFA), ref: 00007FF62AA1AC40
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                        • Opcode ID: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                                        • Instruction ID: ade823148442a9a525333e2beb7766aba5fcfe36848eb8f9f14966e2ecc2128b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c4273fb4a414bd16749861b25ace672462e960675883ae7dbf138385109c950
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA219331F1C68252FFA557A19C9027912829F84BA0F4842B5DA2FC77D5CEECE4478312
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 77f2f9c0c3853e5df4dc99a11e1b25eaa2aec769d06f52d5773e5caefc843251
                                                                                                                                                                                                                        • Instruction ID: 4d4b14480c82851bcd8f14ad4611bcbf70939d77d180a8a778050fc21969235f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 77f2f9c0c3853e5df4dc99a11e1b25eaa2aec769d06f52d5773e5caefc843251
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A241D032A0934197EF749B29E94027973A0EF56B80F104175DB8EC3691CFADE403CBA2
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                        • Opcode ID: a04a6dff0443a84ee3e7d7b85ba5df040c793d2a730aad3af21426add8a99984
                                                                                                                                                                                                                        • Instruction ID: f4d2af9e12d7658ae0ec6a83f799315741e5ef221ef1da4be53c7324933b4a2e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a04a6dff0443a84ee3e7d7b85ba5df040c793d2a730aad3af21426add8a99984
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D21A621B0865296FF509F226D043BAA651BF49BD4F8C5470EE4D87B86CEBDE043C706
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                                        • Instruction ID: 833ead1eb43f5fffba216f4571b03cd023fea983c1380eca827674422b2a7dee
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2d5c35b5412ec9e3d722ee101ab37b91f6ea8aa9dcca92d1d4e84e7f868c2b8f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D531BE72A18642A7FF516B598C4137C2660AF40FA4F5201B5EA6D873E2DFFCE4438762
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                        • Instruction ID: bfc1beaba9e2d5206c016a579a3b12bd080f315d37d1f54727b67b04dcfad43c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2119022A1C74292EF619F519C0027EA2A0AF85B80F4440B1EB8DD7B96DFBDD4428782
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,00000000,00007FF62AA1B39A,?,?,?,00007FF62AA14F81,?,?,?,?,00007FF62AA1A4FA), ref: 00007FF62AA1EC5D
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF62AA10D00,?,?,?,00007FF62AA1236A,?,?,?,?,?,00007FF62AA13B59), ref: 00007FF62AA1D6AA
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA05830
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA05842
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA05879
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA0588B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA058A4
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA058B6
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA058CF
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA058E1
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA058FD
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA0590F
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA0592B
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA0593D
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA05959
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA0596B
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA05987
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA05999
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA059B5
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA064BF,?,00007FF62AA0336E), ref: 00007FF62AA059C7
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressErrorLastProc
                                                                                                                                                                                                                        • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,00007FF62AA08B09,00007FF62AA03FA5), ref: 00007FF62AA0841B
                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF62AA08B09,00007FF62AA03FA5), ref: 00007FF62AA0849E
                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,00007FF62AA08B09,00007FF62AA03FA5), ref: 00007FF62AA084BD
                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(?,00007FF62AA08B09,00007FF62AA03FA5), ref: 00007FF62AA084CB
                                                                                                                                                                                                                        • FindClose.KERNEL32(?,00007FF62AA08B09,00007FF62AA03FA5), ref: 00007FF62AA084DC
                                                                                                                                                                                                                        • RemoveDirectoryW.KERNEL32(?,00007FF62AA08B09,00007FF62AA03FA5), ref: 00007FF62AA084E5
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                                        • String ID: %s\*
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3140674995-0
                                                                                                                                                                                                                        • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                        • Instruction ID: 0bea403c5efe986304f927a0539a8e108433dfbb436b652f1cac2fa09df84b5f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8313B72609B818AEB608F61EC803EE7364FB84748F44443ADB4E87B98EF78D559C711
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1239891234-0
                                                                                                                                                                                                                        • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                        • Instruction ID: 09197dfeb3b72c38c3c7a81f2f822b38fd10f7525feee8893af07e60b286de22
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9316D36618B818AEB60CF25EC402AE73A4FF88754F540135EA8D83B98EF7CD156CB01
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2227656907-0
                                                                                                                                                                                                                        • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                        • Instruction ID: 2532e16b6366655e615a2798eb999e11b2423f5fd74a4123d96050abb1978109
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8B1B336B1869241EF619F239D006B963A1EF44BE4F444172EE4E87F85EEBCE456C701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2933794660-0
                                                                                                                                                                                                                        • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                        • Instruction ID: b19c98eb78eb99180961683dba3b837dbc9753cba7174d94240f8357cbf21d45
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75114826B15B058AEF40CF71EC452B933A4FB19758F040E31DA6D86BA4DFB8D1658741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: memcpy_s
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1502251526-0
                                                                                                                                                                                                                        • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                        • Instruction ID: f47c2abe79eee9feab27d6239995aa67db118ab6c0c7e43f28d84cbe63a37134
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88C12772B1C68687EB24CF1AA44466AB7A1FB94B84F409175DB4E83F44DF7DE816CB00
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                                        • API String ID: 0-1127688429
Memory Dump Source
• Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 15204871-0
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: $
                                                                                                                                                                                                                        • API String ID: 0-227171996
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                                        • API String ID: 0-900081337
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: e+000$gfff
                                                                                                                                                                                                                        • API String ID: 0-3030954782
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: gfffffff
                                                                                                                                                                                                                        • API String ID: 0-1523873471
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: TMP
                                                                                                                                                                                                                        • API String ID: 3215553584-3125297090
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: HeapProcess
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 54951025-0
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
Memory Dump Source
• Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
Similarity
• API ID: ErrorFreeHeapLast
• String ID:
• API String ID: 485612231-0
Similarity
• API ID: AddressErrorLastProc
• String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
• API String ID: 199729137-3427451314
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA09400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62AA045E4,00000000,00007FF62AA01985), ref: 00007FF62AA09439
                                                                                                                                                                                                                        • ExpandEnvironmentStringsW.KERNEL32(?,00007FF62AA088A7,?,?,00000000,00007FF62AA03CBB), ref: 00007FF62AA0821C
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02810: MessageBoxW.USER32 ref: 00007FF62AA028EA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                                        • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                                        • API String ID: 1662231829-930877121
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                                        • API String ID: 2147705588-2959514604
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                                        • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                                        • API String ID: 3975851968-2863640275
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: -$:$f$p$p
                                                                                                                                                                                                                        • API String ID: 3215553584-2013873522
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: f$f$p$p$f
                                                                                                                                                                                                                        • API String ID: 3215553584-1325933183
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                                        • String ID: csm$csm$csm
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF62AA1F11A,?,?,00000194DA906BE8,00007FF62AA1ADC3,?,?,?,00007FF62AA1ACBA,?,?,?,00007FF62AA15FAE), ref: 00007FF62AA1EEFC
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF62AA1F11A,?,?,00000194DA906BE8,00007FF62AA1ADC3,?,?,?,00007FF62AA1ACBA,?,?,?,00007FF62AA15FAE), ref: 00007FF62AA1EF08
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                                        • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62AA03706,?,00007FF62AA03804), ref: 00007FF62AA02C9E
                                                                                                                                                                                                                        • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62AA03706,?,00007FF62AA03804), ref: 00007FF62AA02D63
                                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF62AA02D99
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                                        • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF62AA0DFEA,?,?,?,00007FF62AA0DCDC,?,?,?,00007FF62AA0D8D9), ref: 00007FF62AA0DDBD
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF62AA0DFEA,?,?,?,00007FF62AA0DCDC,?,?,?,00007FF62AA0D8D9), ref: 00007FF62AA0DDCB
                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,?,?,00007FF62AA0DFEA,?,?,?,00007FF62AA0DCDC,?,?,?,00007FF62AA0D8D9), ref: 00007FF62AA0DDF5
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,00007FF62AA0DFEA,?,?,?,00007FF62AA0DCDC,?,?,?,00007FF62AA0D8D9), ref: 00007FF62AA0DE63
                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(?,?,?,00007FF62AA0DFEA,?,?,?,00007FF62AA0DCDC,?,?,?,00007FF62AA0D8D9), ref: 00007FF62AA0DE6F
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                                        • String ID: api-ms-
                                                                                                                                                                                                                        • API String ID: 2559590344-2084034818
                                                                                                                                                                                                                        • Opcode ID: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                        • Instruction ID: 0b2b2c139ad324bd910c44f6f35fed22ef0e37dc61645dbe81a8f5541679c8be
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7dacba43e0eeea41cb86842b35fa5572bc178a215ab50afad80fbb9160df823c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC31C122B0A70291EF52DB12AC007B523D4FF58BA0F594575EE1E8B780EFBCE4468302
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                        • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                        • Opcode ID: 5c7507e70d60f0fb7e3c9a3209df06ed2678ab3c183624e845013dd92edd1fac
                                                                                                                                                                                                                        • Instruction ID: cca8f8b0fe73f83997c4609f6bbe0282ea8d23b26a6fdedd9f14999728c52cb7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c7507e70d60f0fb7e3c9a3209df06ed2678ab3c183624e845013dd92edd1fac
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C417F21A08A8791EF21DF25ED543E96311FF54384F800172EA5D83695EFBCE61BC782
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF62AA0351A,?,00000000,00007FF62AA03F23), ref: 00007FF62AA02AA0
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                        • API String ID: 2050909247-2900015858
                                                                                                                                                                                                                        • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                        • Instruction ID: 1a5210313d53d6c721f08fbebc36723102141697adf820ff46271a2b1d6d678b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F221837261978192EB619F61BC817E66394FF887C4F400176FE8C83659DFBCD14A8741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                        • Opcode ID: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                                        • Instruction ID: 534dc67cab748d7e71d007d1033af4e33a3ab11cdfe574da9da8d824477f8572
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B219F20F0E64262FFA867655E5117E51825F447B0F0047B5DA3EC7AD6EEACA8438703
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                                        • String ID: CONOUT$
                                                                                                                                                                                                                        • API String ID: 3230265001-3130406586
                                                                                                                                                                                                                        • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                                        • Instruction ID: 5580626373ebb5153a5e154242ac86f33254037e8372a3c23a6ffc6c6f976139
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75116021B18B4286EB608F53EC5436962A0FF88BE4F044274EA5DC7BA4DFBCD9568741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF62AA09216), ref: 00007FF62AA08592
                                                                                                                                                                                                                        • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF62AA09216), ref: 00007FF62AA085E9
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA09400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62AA045E4,00000000,00007FF62AA01985), ref: 00007FF62AA09439
                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF62AA09216), ref: 00007FF62AA08678
                                                                                                                                                                                                                        • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF62AA09216), ref: 00007FF62AA086E4
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00000000,00007FF62AA09216), ref: 00007FF62AA086F5
                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?,?,00000000,00007FF62AA09216), ref: 00007FF62AA0870A
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3462794448-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF62AA14F81,?,?,?,?,00007FF62AA1A4FA,?,?,?,?,00007FF62AA171FF), ref: 00007FF62AA1B347
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF62AA14F81,?,?,?,?,00007FF62AA1A4FA,?,?,?,?,00007FF62AA171FF), ref: 00007FF62AA1B37D
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF62AA14F81,?,?,?,?,00007FF62AA1A4FA,?,?,?,?,00007FF62AA171FF), ref: 00007FF62AA1B3AA
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF62AA14F81,?,?,?,?,00007FF62AA1A4FA,?,?,?,?,00007FF62AA171FF), ref: 00007FF62AA1B3BB
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF62AA14F81,?,?,?,?,00007FF62AA1A4FA,?,?,?,?,00007FF62AA171FF), ref: 00007FF62AA1B3CC
                                                                                                                                                                                                                        • SetLastError.KERNEL32(?,?,?,00007FF62AA14F81,?,?,?,?,00007FF62AA1A4FA,?,?,?,?,00007FF62AA171FF), ref: 00007FF62AA1B3E7
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value$ErrorLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2506987500-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62AA01B6A), ref: 00007FF62AA0295E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                                        • API String ID: 2050909247-2962405886
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF62AA0918F,?,00007FF62AA03C55), ref: 00007FF62AA02BA0
                                                                                                                                                                                                                        • MessageBoxW.USER32 ref: 00007FF62AA02C2A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentMessageProcess
                                                                                                                                                                                                                        • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                                        • API String ID: 1672936522-3797743490
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF62AA01B99), ref: 00007FF62AA02760
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                                        • API String ID: 2050909247-1591803126
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                        • Opcode ID: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                        • Instruction ID: 7acb044c919812ae9532508269ed763e0b9ce9ac22899b3b804bf3262d7fb068
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 644f40749f2397ccfee8900b191f86882f652c7814ccefc594fcc00cef1e1075
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3F04F21A0A60692FF148B25EC953795320FF45761F5406B5C66E865E4DFACE44AC341
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _set_statfp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1156100317-0
                                                                                                                                                                                                                        • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                        • Instruction ID: 2b7f56936f68965b663eaebadd322ba4ea13111d1303409c8ac3101f04744b43
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2311C172E0CA1301FF541D26DC5637523447F58B70F040AB4EA6E86ED6CEACA8634182
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • FlsGetValue.KERNEL32(?,?,?,00007FF62AA1A613,?,?,00000000,00007FF62AA1A8AE,?,?,?,?,?,00007FF62AA1A83A), ref: 00007FF62AA1B41F
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF62AA1A613,?,?,00000000,00007FF62AA1A8AE,?,?,?,?,?,00007FF62AA1A83A), ref: 00007FF62AA1B43E
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF62AA1A613,?,?,00000000,00007FF62AA1A8AE,?,?,?,?,?,00007FF62AA1A83A), ref: 00007FF62AA1B466
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF62AA1A613,?,?,00000000,00007FF62AA1A8AE,?,?,?,?,?,00007FF62AA1A83A), ref: 00007FF62AA1B477
                                                                                                                                                                                                                        • FlsSetValue.KERNEL32(?,?,?,00007FF62AA1A613,?,?,00000000,00007FF62AA1A8AE,?,?,?,?,?,00007FF62AA1A83A), ref: 00007FF62AA1B488
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                        • Opcode ID: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                                        • Instruction ID: 357b91331493d93f1ca82d19f3273e2ef7e0230048b5187b88dd54d75732d65d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e370891a427e995cf622d6c66c6ae617f18e5219a23357883517039299fedc16
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0118120F0E64251FF9893399E5117961825F447B0F08C7B5EA7EC66D6EEACE8438703
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Value
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3702945584-0
                                                                                                                                                                                                                        • Opcode ID: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                                                        • Instruction ID: 547ffbd17af3f5d2b288efbd6d4009c8e31c3d605d19104bc1f09e11354fbeb7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e449caa10890978289f0fc2f631dee428fb70040431ae2bf3103bb36de88fb08
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 14113C20E0E247A5FFA862294D511BE51824F59370F4447B9DA3ECA6D2EDACB8435713
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: verbose
                                                                                                                                                                                                                        • API String ID: 3215553584-579935070
                                                                                                                                                                                                                        • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                        • Instruction ID: 0967eb91900a0b182e1bb78411c9deec7bc7421968d8cc3bd1853df90d596f61
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C691BF32A08A46A1FF618E28DC5037D77A5AF44B94F448176DA9EC73D5DFBCE8468302
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                                        • API String ID: 3215553584-1196891531
Similarity
• API ID: CurrentImageNonwritableUnwind__except_validate_context_record
• String ID: csm
• API String ID: 2395640692-1018135373
Similarity
• API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
• String ID: csm$csm
• API String ID: 3896166516-3733052814
Similarity
• API ID: CallEncodePointerTranslator
• String ID: MOC$RCC
• API String ID: 3544855599-2084237596
Similarity
• API ID: Message
• String ID: ERROR$Error$[PYI-%d:%ls]
• API String ID: 2030045667-255084403
Similarity
• API ID: FileWrite$ConsoleErrorLastOutput
• String ID:
• API String ID: 2718003287-0
                                                                                                                                                                                                                        • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                                        • Instruction ID: 5f183be8e641730ac23fc0c1a5ffc14c74dbb3bdf3c14f4a3c80dc635303ee91
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFD12072B18A809AEB11CF65D8402BC37B2FF44B98B448276DE5E97B89DE78D017C741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        • Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: ?
                                                                                                                                                                                                                        • API String ID: 1286766494-1684325040
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • _invalid_parameter_noinfo.LIBCMT ref: 00007FF62AA190B6
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA1A9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF62AA22D92,?,?,?,00007FF62AA22DCF,?,?,00000000,00007FF62AA23295,?,?,?,00007FF62AA231C7), ref: 00007FF62AA1A9CE
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA1A9B8: GetLastError.KERNEL32(?,?,?,00007FF62AA22D92,?,?,?,00007FF62AA22DCF,?,?,00000000,00007FF62AA23295,?,?,?,00007FF62AA231C7), ref: 00007FF62AA1A9D8
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF62AA0CC15), ref: 00007FF62AA190D4
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\ihost.exe
                                                                                                                                                                                                                        • API String ID: 3580290477-3964291130
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastWrite
                                                                                                                                                                                                                        • String ID: U
                                                                                                                                                                                                                        • API String ID: 442123175-4171548499
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentDirectory
                                                                                                                                                                                                                        • String ID: :
                                                                                                                                                                                                                        • API String ID: 1611563598-336475711
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                                        • String ID: csm
                                                                                                                                                                                                                        • API String ID: 2573137834-1018135373
                                                                                                                                                                                                                        • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                        • Instruction ID: 7e3287eeb6e16ce09ebafec4547cc387e4912217e764cacbc415c87bbc168892
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F114C32609B8182EB608F25F84025A77E0FF88B88F584271DB8D47B55DF7CD562CB00
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.2960657780.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000000.00000002.2960638103.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960693134.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960723052.00007FF62AA42000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2960772512.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff62aa00000_ihost.jbxd
Similarity
• API ID: DriveType_invalid_parameter_noinfo
• String ID: :
• API String ID: 2595371189-336475711
• Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
• Instruction ID: 86f7f589a75992bd8bd1b8ca082bf4401db5e5d0347cb20dd095c281c99dcd83
• Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
• Instruction Fuzzy Hash: C001A26291C60386FF30AF619C6637E23A0EF44709F800076D54DC6A95EFBCE9568F16

Execution Graph

Execution Coverage: 1.5%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 8.1%
Total number of Nodes: 949
Total number of Limit Nodes: 40
API calls _set_fmode 89926->90095 89929 7ff62aa04043 90106 7ff62aa06fb0 FreeLibrary 89929->90106 89934 7ff62aa0404f 89935 7ff62aa03e6c 90096 7ff62aa07330 117 API calls 2 library calls 89935->90096 89939 7ff62aa03e81 89942 7ff62aa03ea2 89939->89942 89953 7ff62aa03e85 89939->89953 90097 7ff62aa06df0 120 API calls _log10_special 89939->90097 89942->89953 90098 7ff62aa071a0 125 API calls 89942->90098 89946 7ff62aa03ee0 90101 7ff62aa06fb0 FreeLibrary 89946->90101 89947 7ff62aa03eb7 89947->89953 90099 7ff62aa074e0 55 API calls 89947->90099 89953->89908 90100 7ff62aa02a50 54 API calls _log10_special 89953->90100 89960->89803 89961->89812 89962->89813 89963->89799 89964->89802 89965->89817 89967 7ff62aa2a530 89966->89967 89967->89822 89967->89967 89971 7ff62aa1f4f0 89968->89971 89969 7ff62aa1f543 90107 7ff62aa1a884 37 API calls 2 library calls 89969->90107 89971->89969 89972 7ff62aa1f596 89971->89972 90108 7ff62aa1f3c8 71 API calls _fread_nolock 89972->90108 89974 7ff62aa1f56c 89974->89826 89976 7ff62aa0c8c0 89975->89976 89977 7ff62aa036bc GetModuleFileNameW 89976->89977 89978 7ff62aa03710 89977->89978 89979 7ff62aa036eb GetLastError 89977->89979 90109 7ff62aa092f0 FindFirstFileExW 89978->90109 90114 7ff62aa02c50 51 API calls _log10_special 89979->90114 89983 7ff62aa03723 90115 7ff62aa09370 CreateFileW GetFinalPathNameByHandleW CloseHandle 89983->90115 89984 7ff62aa0377d 90117 7ff62aa094b0 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 89984->90117 89986 7ff62aa0c5c0 _log10_special 8 API calls 89989 7ff62aa037b5 89986->89989 89988 7ff62aa0378b 89991 7ff62aa03706 89988->89991 90118 7ff62aa02810 49 API calls _log10_special 89988->90118 89989->89871 89997 7ff62aa01950 89989->89997 89990 7ff62aa03730 89992 7ff62aa03734 89990->89992 89993 7ff62aa0374c __vcrt_FlsAlloc 89990->89993 89991->89986 90116 7ff62aa02810 49 API calls _log10_special 89992->90116 89993->89984 89996 7ff62aa03745 89996->89991 89998 7ff62aa045b0 108 API calls 89997->89998 89999 7ff62aa01985 
89998->89999 90000 7ff62aa01c43 89999->90000 90002 7ff62aa07f80 83 API calls 89999->90002 90001 7ff62aa0c5c0 _log10_special 8 API calls 90000->90001 90003 7ff62aa01c5e 90001->90003 90004 7ff62aa019cb 90002->90004 90003->89832 90003->89833 90005 7ff62aa10744 73 API calls 90004->90005 90046 7ff62aa01a03 90004->90046 90007 7ff62aa019e5 90005->90007 90006 7ff62aa100bc 74 API calls 90006->90000 90008 7ff62aa019e9 90007->90008 90009 7ff62aa01a08 90007->90009 90119 7ff62aa14f78 11 API calls _set_fmode 90008->90119 90011 7ff62aa1040c _fread_nolock 53 API calls 90009->90011 90013 7ff62aa01a20 90011->90013 90012 7ff62aa019ee 90120 7ff62aa02910 54 API calls _log10_special 90012->90120 90015 7ff62aa01a45 90013->90015 90016 7ff62aa01a26 90013->90016 90019 7ff62aa01a5c 90015->90019 90020 7ff62aa01a7b 90015->90020 90121 7ff62aa14f78 11 API calls _set_fmode 90016->90121 90018 7ff62aa01a2b 90122 7ff62aa02910 54 API calls _log10_special 90018->90122 90123 7ff62aa14f78 11 API calls _set_fmode 90019->90123 90023 7ff62aa01c80 49 API calls 90020->90023 90025 7ff62aa01a92 90023->90025 90024 7ff62aa01a61 90124 7ff62aa02910 54 API calls _log10_special 90024->90124 90027 7ff62aa01c80 49 API calls 90025->90027 90028 7ff62aa01add 90027->90028 90029 7ff62aa10744 73 API calls 90028->90029 90030 7ff62aa01b01 90029->90030 90031 7ff62aa01b35 90030->90031 90032 7ff62aa01b16 90030->90032 90034 7ff62aa1040c _fread_nolock 53 API calls 90031->90034 90125 7ff62aa14f78 11 API calls _set_fmode 90032->90125 90036 7ff62aa01b4a 90034->90036 90035 7ff62aa01b1b 90126 7ff62aa02910 54 API calls _log10_special 90035->90126 90038 7ff62aa01b50 90036->90038 90039 7ff62aa01b6f 90036->90039 90127 7ff62aa14f78 11 API calls _set_fmode 90038->90127 90129 7ff62aa10180 37 API calls 2 library calls 90039->90129 90042 7ff62aa01b89 90042->90046 90130 7ff62aa02710 54 API calls _log10_special 90042->90130 90043 7ff62aa01b55 90128 7ff62aa02910 54 API calls _log10_special 90043->90128 90046->90006 90048 7ff62aa08a2a 90047->90048 
90049 7ff62aa09400 2 API calls 90048->90049 90050 7ff62aa08a49 GetEnvironmentVariableW 90049->90050 90051 7ff62aa08a66 ExpandEnvironmentStringsW 90050->90051 90052 7ff62aa08ab2 90050->90052 90051->90052 90053 7ff62aa08a88 90051->90053 90054 7ff62aa0c5c0 _log10_special 8 API calls 90052->90054 90131 7ff62aa094b0 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 90053->90131 90056 7ff62aa08ac4 90054->90056 90056->89842 90057 7ff62aa08a9a 90058 7ff62aa0c5c0 _log10_special 8 API calls 90057->90058 90059 7ff62aa08aaa 90058->90059 90059->89842 90132 7ff62aa06350 90060->90132 90063 7ff62aa03399 90105 7ff62aa03670 FreeLibrary 90063->90105 90065 7ff62aa03381 90065->90063 90200 7ff62aa06040 90065->90200 90067 7ff62aa0338d 90067->90063 90209 7ff62aa061d0 54 API calls 90067->90209 90069->89851 90071 7ff62aa07fa4 90070->90071 90072 7ff62aa10744 73 API calls 90071->90072 90077 7ff62aa0807b __vcrt_freefls 90071->90077 90073 7ff62aa07fc0 90072->90073 90073->90077 90263 7ff62aa17938 90073->90263 90075 7ff62aa10744 73 API calls 90078 7ff62aa07fd5 90075->90078 90076 7ff62aa1040c _fread_nolock 53 API calls 90076->90078 90077->89844 90078->90075 90078->90076 90078->90077 90079->89871 90080->89871 90081->89854 90082->89857 90083->89862 90084->89865 90085->89882 90086->89871 90087->89884 90088->89871 90089->89897 90090->89871 90091->89881 90093 7ff62aa01c80 49 API calls 90092->90093 90094 7ff62aa04650 90093->90094 90094->89903 90095->89935 90096->89939 90097->89942 90098->89947 90099->89953 90100->89946 90101->89908 90102->89908 90103->89916 90105->89929 90106->89934 90107->89974 90108->89974 90110 7ff62aa0932f FindClose 90109->90110 90111 7ff62aa09342 90109->90111 90110->90111 90112 7ff62aa0c5c0 _log10_special 8 API calls 90111->90112 90113 7ff62aa0371a 90112->90113 90113->89983 90113->89984 90114->89991 90115->89990 90116->89996 90117->89988 90118->89991 90119->90012 90120->90046 90121->90018 90122->90046 90123->90024 90124->90046 90125->90035 90126->90046 90127->90043 
90128->90046 90129->90042 90130->90046 90131->90057 90133 7ff62aa06365 90132->90133 90134 7ff62aa01c80 49 API calls 90133->90134 90135 7ff62aa063a1 90134->90135 90136 7ff62aa063cd 90135->90136 90137 7ff62aa063aa 90135->90137 90139 7ff62aa04620 49 API calls 90136->90139 90220 7ff62aa02710 54 API calls _log10_special 90137->90220 90140 7ff62aa063e5 90139->90140 90141 7ff62aa06403 90140->90141 90221 7ff62aa02710 54 API calls _log10_special 90140->90221 90210 7ff62aa04550 90141->90210 90142 7ff62aa0c5c0 _log10_special 8 API calls 90145 7ff62aa0336e 90142->90145 90145->90063 90163 7ff62aa064f0 90145->90163 90147 7ff62aa0641b 90149 7ff62aa04620 49 API calls 90147->90149 90148 7ff62aa09070 3 API calls 90148->90147 90150 7ff62aa06434 90149->90150 90151 7ff62aa06459 90150->90151 90152 7ff62aa06439 90150->90152 90216 7ff62aa09070 90151->90216 90222 7ff62aa02710 54 API calls _log10_special 90152->90222 90155 7ff62aa06466 90156 7ff62aa06472 90155->90156 90157 7ff62aa064b1 90155->90157 90159 7ff62aa09400 2 API calls 90156->90159 90224 7ff62aa05820 137 API calls 90157->90224 90160 7ff62aa0648a GetLastError 90159->90160 90223 7ff62aa02c50 51 API calls _log10_special 90160->90223 90162 7ff62aa063c3 90162->90142 90225 7ff62aa053f0 90163->90225 90165 7ff62aa06516 90166 7ff62aa0652f 90165->90166 90167 7ff62aa0651e 90165->90167 90232 7ff62aa04c80 90166->90232 90250 7ff62aa02710 54 API calls _log10_special 90167->90250 90171 7ff62aa0654c 90175 7ff62aa0655c 90171->90175 90177 7ff62aa0656d 90171->90177 90172 7ff62aa0653b 90251 7ff62aa02710 54 API calls _log10_special 90172->90251 90174 7ff62aa0652a 90174->90065 90252 7ff62aa02710 54 API calls _log10_special 90175->90252 90178 7ff62aa0659d 90177->90178 90179 7ff62aa0658c 90177->90179 90181 7ff62aa065bd 90178->90181 90182 7ff62aa065ac 90178->90182 90253 7ff62aa02710 54 API calls _log10_special 90179->90253 90236 7ff62aa04d40 90181->90236 90254 7ff62aa02710 54 API calls _log10_special 90182->90254 90186 7ff62aa065dd 90189 7ff62aa065fd 
90186->90189 90190 7ff62aa065ec 90186->90190 90187 7ff62aa065cc 90255 7ff62aa02710 54 API calls _log10_special 90187->90255 90192 7ff62aa0660f 90189->90192 90194 7ff62aa06620 90189->90194 90256 7ff62aa02710 54 API calls _log10_special 90190->90256 90257 7ff62aa02710 54 API calls _log10_special 90192->90257 90197 7ff62aa0664a 90194->90197 90258 7ff62aa17320 73 API calls 90194->90258 90196 7ff62aa06638 90259 7ff62aa17320 73 API calls 90196->90259 90197->90174 90260 7ff62aa02710 54 API calls _log10_special 90197->90260 90201 7ff62aa06060 90200->90201 90201->90201 90202 7ff62aa06089 90201->90202 90208 7ff62aa060a0 __vcrt_freefls 90201->90208 90262 7ff62aa02710 54 API calls _log10_special 90202->90262 90204 7ff62aa06095 90204->90067 90205 7ff62aa061ab 90205->90067 90206 7ff62aa01470 116 API calls 90206->90208 90207 7ff62aa02710 54 API calls 90207->90208 90208->90205 90208->90206 90208->90207 90209->90063 90211 7ff62aa0455a 90210->90211 90212 7ff62aa09400 2 API calls 90211->90212 90213 7ff62aa0457f 90212->90213 90214 7ff62aa0c5c0 _log10_special 8 API calls 90213->90214 90215 7ff62aa045a7 90214->90215 90215->90147 90215->90148 90217 7ff62aa09400 2 API calls 90216->90217 90218 7ff62aa09084 LoadLibraryExW 90217->90218 90219 7ff62aa090a3 __vcrt_freefls 90218->90219 90219->90155 90220->90162 90221->90141 90222->90162 90223->90162 90224->90162 90227 7ff62aa0541c 90225->90227 90226 7ff62aa05424 90226->90165 90227->90226 90230 7ff62aa055c4 90227->90230 90261 7ff62aa16b14 48 API calls 90227->90261 90228 7ff62aa05787 __vcrt_freefls 90228->90165 90229 7ff62aa047c0 47 API calls 90229->90230 90230->90228 90230->90229 90233 7ff62aa04cb0 90232->90233 90234 7ff62aa0c5c0 _log10_special 8 API calls 90233->90234 90235 7ff62aa04d1a 90234->90235 90235->90171 90235->90172 90237 7ff62aa04d55 90236->90237 90238 7ff62aa01c80 49 API calls 90237->90238 90239 7ff62aa04da1 90238->90239 90240 7ff62aa01c80 49 API calls 90239->90240 90249 7ff62aa04e23 __vcrt_freefls 90239->90249 90241 7ff62aa04de0 
90240->90241 90244 7ff62aa09400 2 API calls 90241->90244 90241->90249 90242 7ff62aa0c5c0 _log10_special 8 API calls 90243 7ff62aa04e6e 90242->90243 90243->90186 90243->90187 90245 7ff62aa04df6 90244->90245 90246 7ff62aa09400 2 API calls 90245->90246 90247 7ff62aa04e0d 90246->90247 90248 7ff62aa09400 2 API calls 90247->90248 90248->90249 90249->90242 90250->90174 90251->90174 90252->90174 90253->90174 90254->90174 90255->90174 90256->90174 90257->90174 90258->90196 90259->90197 90260->90174 90261->90227 90262->90204 90264 7ff62aa17968 90263->90264 90267 7ff62aa17444 90264->90267 90266 7ff62aa17981 90266->90078 90268 7ff62aa1748e 90267->90268 90269 7ff62aa1745f 90267->90269 90277 7ff62aa154dc EnterCriticalSection 90268->90277 90278 7ff62aa1a884 37 API calls 2 library calls 90269->90278 90272 7ff62aa17493 90273 7ff62aa174b0 38 API calls 90272->90273 90274 7ff62aa1749f 90273->90274 90275 7ff62aa154e8 _fread_nolock LeaveCriticalSection 90274->90275 90276 7ff62aa1747f 90275->90276 90276->90266 90278->90276 90279 7ffe00761f4b 90280 7ffe00770650 90279->90280 90281 7ffe007706b2 90280->90281 90282 7ffe007706cc BIO_ctrl 90280->90282 90283 7ffe007706ec 90282->90283 90284 7ff62aa0bb50 90285 7ff62aa0bb7e 90284->90285 90286 7ff62aa0bb65 90284->90286 90286->90285 90289 7ff62aa1d66c 90286->90289 90290 7ff62aa1d6b7 90289->90290 90294 7ff62aa1d67b _set_fmode 90289->90294 90297 7ff62aa14f78 11 API calls _set_fmode 90290->90297 90292 7ff62aa1d69e HeapAlloc 90293 7ff62aa0bbde 90292->90293 90292->90294 90294->90290 90294->90292 90296 7ff62aa23600 EnterCriticalSection LeaveCriticalSection _set_fmode 90294->90296 90296->90294 90297->90293 90298 7ffdff1a1230 GetSystemInfo 90299 7ffdff1a1264 90298->90299 90300 7ffe007d15a0 90305 7ffe007d15b8 90300->90305 90301 7ffe007d1700 90302 7ffe007d16f9 90301->90302 90303 7ffe007d1761 ERR_new ERR_set_debug 90301->90303 90303->90302 90304 7ffe007d16c6 ERR_new ERR_set_debug 90304->90302 90305->90301 90305->90302 90305->90304 90307 7ffe00761c1c 
90305->90307 90307->90305 90308 7ffe007a6e20 90307->90308 90309 7ffe007a6eec ERR_new 90308->90309 90321 7ffe007a6efb 90308->90321 90334 7ffe007a6f15 90308->90334 90310 7ffe007a7860 ERR_set_debug 90309->90310 90310->90334 90312 7ffe007a7856 ERR_new 90312->90310 90313 7ffe007a75e8 ERR_new ERR_set_debug 90313->90334 90314 7ffe007a75bb ERR_new ERR_set_debug 90314->90334 90315 7ffe007a77e9 ERR_new 90315->90310 90316 7ffe007a7110 ERR_new ERR_set_debug 90316->90334 90317 7ffe007a76e8 ERR_new ERR_set_debug 90317->90334 90318 7ffe007a747d ERR_new ERR_set_debug 90318->90334 90319 7ffe007a7715 ERR_new ERR_set_debug 90319->90334 90320 7ffe007a77f5 ERR_new 90324 7ffe007a77c6 ERR_set_debug 90320->90324 90321->90312 90321->90313 90321->90314 90321->90315 90321->90316 90321->90317 90321->90318 90321->90319 90321->90320 90322 7ffe007a732b memcpy 90321->90322 90323 7ffe007a74f0 memcpy 90321->90323 90325 7ffe007a77bc ERR_new 90321->90325 90326 7ffe007a72f4 90321->90326 90327 7ffe007a7539 OPENSSL_cleanse 90321->90327 90328 7ffe007a7795 ERR_new ERR_set_debug 90321->90328 90330 7ffe007a7789 ERR_new 90321->90330 90332 7ffe007a76bb ERR_new ERR_set_debug 90321->90332 90333 7ffe007a764d ERR_new ERR_set_debug 90321->90333 90321->90334 90335 7ffe007a774d ERR_new 90321->90335 90336 7ffe007a7620 ERR_new ERR_set_debug 90321->90336 90337 7ffe007a728b ERR_new ERR_set_debug 90321->90337 90338 7ffe00761a0f 90321->90338 90322->90321 90323->90321 90324->90334 90325->90324 90329 7ffe007a7303 BIO_clear_flags BIO_set_flags 90326->90329 90327->90321 90328->90334 90329->90334 90331 7ffe007a7757 ERR_set_debug 90330->90331 90331->90334 90332->90334 90333->90334 90334->90305 90335->90331 90336->90334 90337->90334 90338->90321 90339 7ffe007aab70 90338->90339 90340 7ffe007ab8b6 ERR_new 90339->90340 90341 7ffe007aba4c ERR_new ERR_set_debug 90339->90341 90342 7ffe007aae96 ERR_new ERR_set_debug 90339->90342 90343 7ffe007ab1be 90339->90343 90344 7ffe007aba40 ERR_new 90339->90344 90345 7ffe007ab8c5 ERR_new 
90339->90345 90349 7ffe007ab8d4 90339->90349 90350 7ffe007ab9e2 ERR_new 90339->90350 90351 7ffe007aaf96 EVP_CIPHER_CTX_get0_cipher EVP_CIPHER_get_flags 90339->90351 90364 7ffe007ab111 90339->90364 90367 7ffe007ab00c ERR_new ERR_set_debug 90339->90367 90374 7ffe007aace7 ERR_new ERR_set_debug 90339->90374 90387 7ffe007ab039 90339->90387 90391 7ffe007ab0e4 ERR_new ERR_set_debug 90339->90391 90396 7ffe007ab0b7 ERR_new ERR_set_debug 90339->90396 90340->90345 90341->90343 90342->90343 90343->90321 90346 7ffe007aba20 ERR_set_debug 90344->90346 90345->90349 90346->90343 90347 7ffe007ab207 90348 7ffe007ab213 EVP_MD_CTX_get0_md 90347->90348 90379 7ffe007ab22e 90347->90379 90352 7ffe007ab21d EVP_MD_get_size 90348->90352 90348->90379 90354 7ffe007ab8e1 strncmp 90349->90354 90355 7ffe007ab9d3 ERR_new 90349->90355 90350->90346 90351->90339 90351->90364 90361 7ffe007ab31f ERR_new ERR_set_debug 90352->90361 90352->90379 90353 7ffe007ab383 90358 7ffe007ab2c6 ERR_set_mark 90353->90358 90359 7ffe007ab38c CRYPTO_zalloc 90353->90359 90356 7ffe007ab9a8 ERR_new ERR_set_debug 90354->90356 90357 7ffe007ab906 strncmp 90354->90357 90355->90350 90356->90343 90357->90356 90362 7ffe007ab926 strncmp 90357->90362 90370 7ffe007ab2fb 90358->90370 90359->90358 90365 7ffe007ab3b3 ERR_new ERR_set_debug 90359->90365 90361->90343 90362->90356 90369 7ffe007ab93d strncmp 90362->90369 90363 7ffe007ab169 90368 7ffe007ab1da ERR_new ERR_set_debug 90363->90368 90375 7ffe007ab179 90363->90375 90364->90347 90364->90363 90365->90343 90366 7ffe007ab2c3 90366->90358 90367->90343 90368->90343 90369->90356 90372 7ffe007ab957 strncmp 90369->90372 90373 7ffe007ab305 90370->90373 90383 7ffe007ab4c1 90370->90383 90371 7ffe007ab374 ERR_new 90371->90353 90377 7ffe007ab999 ERR_new 90372->90377 90378 7ffe007ab96e ERR_new ERR_set_debug 90372->90378 90384 7ffe007ab3db 90373->90384 90385 7ffe007ab315 ERR_clear_last_mark 90373->90385 90374->90343 90375->90343 90376 7ffe007ab191 ERR_new ERR_set_debug 90375->90376 90376->90343 
90377->90356 90378->90343 90379->90353 90379->90366 90379->90371 90381 7ffe007ab347 ERR_new ERR_set_debug 90379->90381 90382 7ffe007ab29f CRYPTO_memcmp 90379->90382 90380 7ffe007ab08a ERR_new ERR_set_debug 90380->90343 90381->90343 90382->90379 90382->90381 90388 7ffe007ab4f0 EVP_MD_CTX_get0_md 90383->90388 90410 7ffe007ab5a4 90383->90410 90386 7ffe007ab42f ERR_clear_last_mark ERR_new ERR_set_debug 90384->90386 90395 7ffe007ab3ed ERR_pop_to_mark 90384->90395 90393 7ffe007ab407 90385->90393 90386->90393 90387->90380 90389 7ffe007ab05a ERR_new ERR_set_debug 90387->90389 90390 7ffe007ab085 90387->90390 90403 7ffe007ab505 90388->90403 90388->90410 90389->90343 90390->90380 90391->90343 90392 7ffe007ab7ea ERR_new ERR_set_debug 90398 7ffe007ab817 ERR_new 90392->90398 90393->90343 90394 7ffe007ab4a5 CRYPTO_free 90393->90394 90399 7ffe007ab486 CRYPTO_free 90393->90399 90394->90343 90395->90393 90396->90343 90402 7ffe007ab821 ERR_set_debug 90398->90402 90399->90393 90400 7ffe007ab8aa ERR_new 90404 7ffe007ab887 ERR_set_debug 90400->90404 90401 7ffe007ab7bd ERR_new ERR_set_debug 90401->90392 90407 7ffe007ab844 ERR_new 90402->90407 90409 7ffe007ab54e CRYPTO_memcmp 90403->90409 90403->90410 90411 7ffe007ab57a 90403->90411 90404->90400 90405 7ffe007ab87d ERR_new 90405->90404 90406 7ffe007ab73e ERR_new ERR_set_debug 90406->90410 90407->90402 90408 7ffe007ab850 ERR_new ERR_set_debug 90408->90405 90409->90403 90410->90392 90410->90393 90410->90398 90410->90400 90410->90401 90410->90405 90410->90406 90410->90407 90410->90408 90413 7ffe0076103c CRYPTO_malloc COMP_expand_block 90410->90413 90411->90393 90411->90410 90412 7ffe007ab58e ERR_new 90411->90412 90412->90410 90413->90410
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
Similarity
• API ID: R_new$R_set_debug$O_free$D_get_sizeO_memcmpR_clear_last_markR_get_flagsR_set_markX_get0_cipherX_get0_md
• String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
• API String ID: 2283737721-2781224710
• Opcode ID: 40243567b0c9e5d0b1d25a9c0806e483eb2da45cb6c3cb4bcf6ca79101e842da
• Instruction ID: 637683ed405d1f1fee13467d312e42959eeff2dbaff3ceb2a85fc6b553e79e9b
• Opcode Fuzzy Hash: 40243567b0c9e5d0b1d25a9c0806e483eb2da45cb6c3cb4bcf6ca79101e842da
• Instruction Fuzzy Hash: 84828061A0AA8281FB60BB21D4547B922A0EF86784F5C4036EB4D477BEDF7CE985C711

Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000001.00000002.2963929108.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963969026.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963987788.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963987788.00007FF62AA41000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2964017102.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2964017102.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                                        • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                                        • API String ID: 2776309574-4232158417
                                                                                                                                                                                                                        • Opcode ID: d02545141998fec8b25848ae1ed1df906e7abc4b971c3e4ab34b798fb2006b6e
                                                                                                                                                                                                                        • Instruction ID: 67b040012f8869bf0cc3721e0bd71b5772ac42cefd55264ded25eb8e612ad576
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d02545141998fec8b25848ae1ed1df906e7abc4b971c3e4ab34b798fb2006b6e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91329D21A0CB8291FF259B25DC543F967A1AF45784F8440F2DA4DC36C2EFACE56AC312

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000001.00000002.2963929108.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963969026.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963987788.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963987788.00007FF62AA41000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2964017102.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2964017102.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1617910340-0
                                                                                                                                                                                                                        • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                        • Instruction ID: f61182b1fbfb81ec90ba41fc52b128f786f05fd2267b8303c2aac27ae53aff09
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 72C1B132B29A4586EF10CF69C8906AC3761EB49B98F015275DF2E97BD4CF78D462C301
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000001.00000002.2963929108.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963969026.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963987788.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963987788.00007FF62AA41000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2964017102.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2964017102.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2295610775-0
                                                                                                                                                                                                                        • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                        • Instruction ID: 42e90d8a71fcb80385192c4ea48d4e164e9cc5e380cf764e525cdb22d2296a8a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8CF06822A1D74287FFA08F60B8897667390BF84764F040379DAAD42BD4DF7CE05A8E01
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967063478.00007FFDFF191000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFDFF190000, based on PE: true
• Associated: 00000001.00000002.2967038269.00007FFDFF190000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.2967169872.00007FFDFF2C4000.00000002.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.2967290191.00007FFDFF2F3000.00000004.00000001.01000000.0000001A.sdmp
• Associated: 00000001.00000002.2967409536.00007FFDFF2F8000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffdff190000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: InfoSystem
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 31276548-0
                                                                                                                                                                                                                        • Opcode ID: 0609f6becf4837133f86ac5623d419228c70d3b405efdb4a8828f98acc38b35e
                                                                                                                                                                                                                        • Instruction ID: cee4ef4ab749d5d3e218c3244ad454238a61d38fe4d84fad69f554a707cc97be
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0609f6becf4837133f86ac5623d419228c70d3b405efdb4a8828f98acc38b35e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 57A1E626F1AB8781FF548B45A874A7423A4BF55B40F540739C93EEA7E8DF2CE8948600
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$memcpy$L_cleanseO_clear_flagsO_set_flags
                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_s3.c$SSL alert number %d$ssl3_read_bytes
                                                                                                                                                                                                                        • API String ID: 480058824-3615793073
                                                                                                                                                                                                                        • Opcode ID: 6ce1f1e6ab867371c9ac5fdbcfd9244af31884eb36a4143032fe0f8282fb1a6d
                                                                                                                                                                                                                        • Instruction ID: 738c165213475991afcbc779d8b9997de6d7c2624c079f0245d5d57613dddbe1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6ce1f1e6ab867371c9ac5fdbcfd9244af31884eb36a4143032fe0f8282fb1a6d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FC524021A0E68285FB68BB25D8443B926A5EFC2B84F5C4035EB4E477ADDF3DE841C741

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$R_set_debug$ErrorLastM_freeR_clear_errorR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                                                                                                                                                                        • API String ID: 1370845099-1722249466
                                                                                                                                                                                                                        • Opcode ID: 0d32384d7316208965964d29d91abcf0daa34d1bc1be83e9d84aa4d08f48a424
                                                                                                                                                                                                                        • Instruction ID: f76e6f8e5446e7c8126656ef66b40b4505566e243c94897083714a2b70a0fa8f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0d32384d7316208965964d29d91abcf0daa34d1bc1be83e9d84aa4d08f48a424
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46A12D26A0E64385FB64BA25D8413BD22A5EF41F44F5C4436DB4D467FECE3CE8828752

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA07F80: _fread_nolock.LIBCMT ref: 00007FF62AA0802A
                                                                                                                                                                                                                        • _fread_nolock.LIBCMT ref: 00007FF62AA01A1B
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF62AA01B6A), ref: 00007FF62AA0295E
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
• Associated: 00000001.00000002.2963929108.00007FF62AA00000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963969026.00007FF62AA2B000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963987788.00007FF62AA3E000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2963987788.00007FF62AA41000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2964017102.00007FF62AA44000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.2964017102.00007FF62AA49000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                                        • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 2397952137-3497178890
                                                                                                                                                                                                                        • Opcode ID: cf2c84c22f69f7fd9ef77d3daf6dfed05904346f4a6f89c61418df1a2be62197
                                                                                                                                                                                                                        • Instruction ID: f71635bdef88795134f1f73961bec14f13e0130a068d999d9143efd884a32ea6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cf2c84c22f69f7fd9ef77d3daf6dfed05904346f4a6f89c61418df1a2be62197
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8981C371A0D68686EF61DB25D8413F933A0EF48784F4440B5EA8DC7B85DEBCE58B8742

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem.c$read_state_machine
                                                                                                                                                                                                                        • API String ID: 0-3323778802
                                                                                                                                                                                                                        • Opcode ID: c8972936501a879b7e84c5051af7770807ba9d65b882bacb7b5450dec163fd8f
                                                                                                                                                                                                                        • Instruction ID: 5950f759f015d0072274ed771df001d21ae814bddff0f7183bf735b075de03a0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8972936501a879b7e84c5051af7770807ba9d65b882bacb7b5450dec163fd8f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA914A22A0A64685FB60BB25D8543B927A1EF84B48F5C4136DB4E477BDCF7DE846C340

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                                        • String ID: P%
                                                                                                                                                                                                                        • API String ID: 2147705588-2959514604

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FFE007BF416), ref: 00007FFE007BF762
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,FFFFFFFF,00000000,00007FFE007BF416), ref: 00007FFE007BF77A
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem.c$write_state_machine
                                                                                                                                                                                                                        • API String ID: 193678381-552286378

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                                        • API String ID: 2050909247-3659356012

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                                        • API String ID: 2050909247-2813020118

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,00007FF62AA03804), ref: 00007FF62AA036E1
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00007FF62AA03804), ref: 00007FF62AA036EB
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF62AA03706,?,00007FF62AA03804), ref: 00007FF62AA02C9E
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF62AA03706,?,00007FF62AA03804), ref: 00007FF62AA02D63
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA02C50: MessageBoxW.USER32 ref: 00007FF62AA02D99
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                                        • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                                        • API String ID: 3187769757-2863816727
                                                                                                                                                                                                                        • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                        • Instruction ID: 7eaeb93e02ae426c6a7bfbe813f5e98965e7abd4161fc4bae11e3f29ac39567e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4C21AE61B0CA4291FF20DB21EC403BA6250BF98384F8041B2E65DC2AD5EEACE10AC742

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                                        • Instruction ID: b8e61f9a64087efe2799cc889ae53e3c82edbb4b47c42c0dd187d216029b3b95
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba46bac31fe72f1dd681b3566344db0dd8f54c3f22ac6e326a6392c95ac81308
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3C1F422A0D786A2EF618B1998406BD7760EF81B80F5541B5EB4E877D1CFFCE8478302

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$tls_get_message_header
                                                                                                                                                                                                                        • API String ID: 193678381-2714770296
                                                                                                                                                                                                                        • Opcode ID: f45773da2448751231a1ca749fc05bc9d2df97a6a3f744ec35cbeb086fc78321
                                                                                                                                                                                                                        • Instruction ID: cf9a5dbcfd17ac71e20795bc7f62b5249a9ea699560f6e33ee96edbb262b5d8d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f45773da2448751231a1ca749fc05bc9d2df97a6a3f744ec35cbeb086fc78321
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E615C32A0978295EBA0EF21E5543B937A0FB44B58F5C8036DB8E577A9CF3CE4648710

                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CurrentProcess
                                                                                                                                                                                                                        • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                                        • API String ID: 2050909247-2434346643
                                                                                                                                                                                                                        • Opcode ID: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                                        • Instruction ID: cca8f8b0fe73f83997c4609f6bbe0282ea8d23b26a6fdedd9f14999728c52cb7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 113c6b1de756f4b5b5eb6aeb9c43a8ac160651dc44d73755d1f433b83002bd4c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6C417F21A08A8791EF21DF25ED543E96311FF54384F800172EA5D83695EFBCE61BC782
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: C_get_current_jobR_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_do_handshake
                                                                                                                                                                                                                        • API String ID: 2134390360-2964568172
                                                                                                                                                                                                                        • Opcode ID: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                                        • Instruction ID: 659a38e5550898f175538b09a0f561d0873b687c5c7eb32e9504143877ac31ae
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e19f5133db6f9f0995d995d45ee5f37c3958f709a5efffcd3d50ec949d9a66b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6218022F09B4242FB51BB35E9113BA6361EF88794F5C1231EB9D067FEDE2CE5918640
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                                        • String ID: Unhandled exception in script
                                                                                                                                                                                                                        • API String ID: 3081866767-2699770090
                                                                                                                                                                                                                        • Opcode ID: 9d37adb8919aaa9301242e1672c0db5e18d6b44b4274937772719b263de12092
                                                                                                                                                                                                                        • Instruction ID: a8744d3894a85bb6254b7cd0480fc8e73b2d91597bc9d30359ea1406faa14a64
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d37adb8919aaa9301242e1672c0db5e18d6b44b4274937772719b263de12092
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE315E72A19A8289EF60DF21EC552FA6360FF88784F540175EA4D87B59DF7CD106C702
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1279662727-0
                                                                                                                                                                                                                        • Opcode ID: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                        • Instruction ID: 0245ed9a1a8ecaf2a26b5234ac40e38f0bb41d1ff32e94acc628d66160ed0222
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bf36874ab91a00f02a28b4fbd79205fddfb0159c1c162080bddd18248f81d06a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5C41C622D1878293FB508F219A5137973A0FF94764F108375EA9C43AD1DFBCA4E28741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1956198572-0
                                                                                                                                                                                                                        • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                        • Instruction ID: 95f75e6f52dddea2f10a09702319d28f82818d1eceb9a5322a929940bd164617
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B11A931B1C24242FF549B6AED843B99291EF98780F444070DB4947F99CDADE8DA8201
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3251591375-0
                                                                                                                                                                                                                        • Opcode ID: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                        • Instruction ID: fcb42fb5d10f2b690698be838d662c960e2b6a27f3cd0c528cf0c6c7cadf70ea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bd18f10481fc1cc14ce46c2a249e6ab71ba61d2437927de899b0ff225cfe2228
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5315A21E0C20356FF54AF65DC613B92791AF41384F4444B5EA4ECB2D3DEADA80BC243
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1231514297-0
                                                                                                                                                                                                                        • Opcode ID: 8603938ac5e1fbf28ba7d9b8f40a04eb8b77d7e104ff7c3c46d49aacb8bdd123
                                                                                                                                                                                                                        • Instruction ID: 6ef378361b40011260eda6503fe923329641f169ad23eeca6a372cdf930790fb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8603938ac5e1fbf28ba7d9b8f40a04eb8b77d7e104ff7c3c46d49aacb8bdd123
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 46219F32A0A7828AEB64BA25EC413BD22A0FF00F84F2C4435DB49423A9DE3CE841C651
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorLastM_freeR_clear_error
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1231514297-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ErrorFileLastPointer
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2976181284-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,00007FF62AA1AA45,?,?,00000000,00007FF62AA1AAFA), ref: 00007FF62AA1AC36
                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,?,?,00007FF62AA1AA45,?,?,00000000,00007FF62AA1AAFA), ref: 00007FF62AA1AC40
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CloseErrorHandleLast
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 918212764-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • BUF_MEM_grow_clean.LIBCRYPTO-3(?,?,?,FFFFFFFF,00000000,?,00007FFE007BF3FE), ref: 00007FFE007BEE57
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: M_grow_clean
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 964628749-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _fread_nolock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 840049012-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_ctrl
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3605655398-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3215553584-0
                                                                                                                                                                                                                        • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                        • Instruction ID: 4362ba88c884b80c296c3236db56a70896b1dea993dabddc89d42694d689698e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3101A161B0875251EF04DF529D0217AB691BF85FE0F0846B1EEACA7BDADEBCE0124301
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FF62AA09400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF62AA045E4,00000000,00007FF62AA01985), ref: 00007FF62AA09439
                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00007FF62AA06466,?,00007FF62AA0336E), ref: 00007FF62AA09092
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2592636585-0
                                                                                                                                                                                                                        • Opcode ID: 73eda9eaecff5bf44f9f7388716af429d06d22f0ccc674e1ac4a626004a37bf7
                                                                                                                                                                                                                        • Instruction ID: ddc8ac689f5f90cb6763ad4e71a7b547d9a6cb0a999c9f8835621dc7533b34a1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73eda9eaecff5bf44f9f7388716af429d06d22f0ccc674e1ac4a626004a37bf7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B6D08C11B2824542EF94AB6BBA466795251AFC9BC0E98C035EE0D43B4ADC3CC0524B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(?,?,?,00007FF62AA10D00,?,?,?,00007FF62AA1236A,?,?,?,?,?,00007FF62AA13B59), ref: 00007FF62AA1D6AA
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2963946025.00007FF62AA01000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF62AA00000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ff62aa00000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: AllocHeap
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 4292702814-0
                                                                                                                                                                                                                        • Opcode ID: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                        • Instruction ID: 98ea61506db741fc5618199cf0bf2ae9a9eb0a6651cb604c93060bf34d5cbf06
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5ab6faa5eb5c52a79f6ef15f458d67d4847db3a002ac7bba2a3205d093894568
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D9F08C00F2930365FF646B725D01679A2905F94BA0F8C03B0DD3EC57C2DEECB4928222
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D88D8
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D88F0
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8992
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D89AA
                                                                                                                                                                                                                        • OPENSSL_sk_free.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D89C9
                                                                                                                                                                                                                        • OPENSSL_sk_free.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D89D2
                                                                                                                                                                                                                        • CRYPTO_free.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D89EB
                                                                                                                                                                                                                        • CRYPTO_free.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8A04
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8A66
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8A7E
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8AC2
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8ADA
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8B3E
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8B56
                                                                                                                                                                                                                        • memcmp.VCRUNTIME140(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8B86
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8BCC
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8BE4
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8BF4
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8C0C
                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8C85
                                                                                                                                                                                                                        • OPENSSL_sk_value.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8C96
                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8CEB
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8D44
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8D5C
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8D74
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE007D9E9C), ref: 00007FFE007D8D8C
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$L_sk_freeL_sk_numO_free$L_sk_valuememcmp
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$@$P$tls_early_post_process_client_hello
                                                                                                                                                                                                                        • API String ID: 2779681545-1173447675
                                                                                                                                                                                                                        • Opcode ID: a6008d50788d4bd8e7b14d0e6b79d2a197344028b5c8bfe69b644ab57267567b
                                                                                                                                                                                                                        • Instruction ID: 3d6758e3a0fc53c5761de163750c9b9a3277ae6dfcae38aae03fa3b401c27b1a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a6008d50788d4bd8e7b14d0e6b79d2a197344028b5c8bfe69b644ab57267567b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1825B21A0A68285FBA0AB21D8547F927A1FB84B84F5C4036DF8D577ADDF3DE941C312
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$R_set_debug$O_free$memcmp$X_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_as_hello_retry_request$tls_process_server_hello
                                                                                                                                                                                                                        • API String ID: 1017169752-619482627
                                                                                                                                                                                                                        • Opcode ID: 8c8ef7bbbfbba2addd1090b4028716d70ec802d589f102b03a0b292a56874c1f
                                                                                                                                                                                                                        • Instruction ID: 14cad2517b2c8d07e78f44db8f76ecf8cf7560e14f4a78c0b15061e619eedade
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8c8ef7bbbfbba2addd1090b4028716d70ec802d589f102b03a0b292a56874c1f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43427062A0AA8281F7A0BB61D9447BD23A1FB84784F5C813ADF4D577AEDF3CE5518301
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Digest$Init_exL_cleanseR_newR_set_debug$D_get_sizeFinal_exX_freeX_newY_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c$HMAC$ext binder$res binder$tls_psk_do_binder
                                                                                                                                                                                                                        • API String ID: 1272419997-82630564
                                                                                                                                                                                                                        • Opcode ID: 47d593b76984bf34eca7711b951d5e55becbf861f3b50cc09006b9eaa6931ba3
                                                                                                                                                                                                                        • Instruction ID: 481247af78a2299c33af1c949edab8e995f89abeb7141bbae4bc35f53dfd3a02
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47d593b76984bf34eca7711b951d5e55becbf861f3b50cc09006b9eaa6931ba3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27F19E21B0EA8281E664BB62E9547BA6361FB857C0F480036DF8D47BEDDF7CE5058781
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free$L_sk_free$D_freeD_get0_providerL_sk_pop_free$E_free$D_lock_freeH_freeO_free_ex_dataO_secure_freeR_freeR_get0_providerX509_
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                        • API String ID: 234229340-1080266419
                                                                                                                                                                                                                        • Opcode ID: ed14bb0d9253941349e6b17cb79c765bb699e97b817cabdc0a51c48d0440dd15
                                                                                                                                                                                                                        • Instruction ID: e183d4a289b93efb7a9a9bfbbac735348a632c14bbd5862090dbb891fdbf4a0b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed14bb0d9253941349e6b17cb79c765bb699e97b817cabdc0a51c48d0440dd15
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73913161B1AA4280EB61BF22D5512B82722EF85BC4F4C5037DF5E1B7BEDE2DE5458310
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$O_freememcpy$O_zalloc
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_hello
                                                                                                                                                                                                                        • API String ID: 2132817427-1456301196
                                                                                                                                                                                                                        • Opcode ID: b7b431a32e8799e04d9617049d5c08355a00ec7b274f06d4906128766a73c47b
                                                                                                                                                                                                                        • Instruction ID: 4f8bdf20756b04b89e8a0e09fd8fed4fc374192099aeb7bcb00d52a610a77ae7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b7b431a32e8799e04d9617049d5c08355a00ec7b274f06d4906128766a73c47b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E02B061A0EA8381FB25AB21E4503BD63A1EB45B80F589137DBDE067BDDE3CE591C701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: X509_$R_newR_set_debugR_set_error$L_sk_numX_free$D_run_onceL_sk_pop_freeL_sk_valueM_move_peernameM_set1X509_verify_certX_get0_chainX_get1_chainX_get_errorX_initX_new_exX_set0_daneX_set_defaultX_set_ex_dataX_set_flagsX_set_verify_cb
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c$ssl_client$ssl_server$ssl_verify_cert_chain
                                                                                                                                                                                                                        • API String ID: 374146265-1087352319
                                                                                                                                                                                                                        • Opcode ID: 95d7dd2e19abe27bdfcb436bf9720103aec9494490e6ca884df9d4ef37416ffc
                                                                                                                                                                                                                        • Instruction ID: f144efea6a852c11c90cae074c1f87a4ead4e3737a4ee13be7743193e602bdaf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95d7dd2e19abe27bdfcb436bf9720103aec9494490e6ca884df9d4ef37416ffc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1571A061B0B68285FA55BB2699503B913A1AF89BD4F4C4032DF8D4B7BEDF3CE8418351
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFE007C59D5), ref: 00007FFE007C4C75
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFE007C59D5), ref: 00007FFE007C4C8D
                                                                                                                                                                                                                        • X509_get0_pubkey.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFE007C59D5), ref: 00007FFE007C4CB7
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFE007C59D5), ref: 00007FFE007C4CD2
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,00007FFE007C59D5), ref: 00007FFE007C4CEA
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$0$0$RSA$tls_construct_cke_rsa
                                                                                                                                                                                                                        • API String ID: 2988517565-1370622440
                                                                                                                                                                                                                        • Opcode ID: 1e51fa2cecdc6d6f4a7537d14438d01a33699a4ec27fc07a0c0c695ed0999c40
                                                                                                                                                                                                                        • Instruction ID: 9a86f607756f82dadc19097b6d3d1aba985afc796196514e72933d1479d8f386
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e51fa2cecdc6d6f4a7537d14438d01a33699a4ec27fc07a0c0c695ed0999c40
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F9814021B0E68381F761BB52E9217B96361AF85B84F4C4036DF4D47BAEDF2CE9018701
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_new_nullL_sk_pop_freeR_newR_set_debugX509X509_freeX509_new_exd2i_
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_server_certificate
                                                                                                                                                                                                                        • API String ID: 3085087540-2730446810
                                                                                                                                                                                                                        • Opcode ID: 1b3d0604242f5cdfa77e7ef883ef2db16bfe8c3d1e1f5313c1ffb87d4796e741
                                                                                                                                                                                                                        • Instruction ID: ef3d4bace67ff6ea41b4c740370954acaf0f8edd181ed3ab74a8d441ee440a45
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1b3d0604242f5cdfa77e7ef883ef2db16bfe8c3d1e1f5313c1ffb87d4796e741
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98C1CA22A0EA8281E7A0BB25D4407BD6361FB85784F5C8136DB9D477AEDF3CE941C702
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: N_dupN_free$O_freeO_strdup$R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c$ssl_srp_ctx_init_intern
                                                                                                                                                                                                                        • API String ID: 2354240759-1794268454
                                                                                                                                                                                                                        • Opcode ID: 7c6f5f71629c738828d3fb28ae6d14af1525a41dda9b56dd32a690e7e5b3c519
                                                                                                                                                                                                                        • Instruction ID: a609f79fcf7c490f1a8585a1039a1223843b2bdb569c50758e23c4a207666609
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7c6f5f71629c738828d3fb28ae6d14af1525a41dda9b56dd32a690e7e5b3c519
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD911122A1BB8281FA55EF25D4507B83360EF85B48F1C4636EB5D4B369DF3CA5918310
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeR_newR_set_debug$O_memdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$D:\a\1\s\include\internal/packet.h$tls_process_certificate_request
                                                                                                                                                                                                                        • API String ID: 1088637640-3868612116
                                                                                                                                                                                                                        • Opcode ID: a64704fb852c6d695dd9b290c85d08fc80d0e91c457f77e87556fae9689ea5c8
                                                                                                                                                                                                                        • Instruction ID: a799cae1b81c6bee85b6ac0ff07f763bcf3786ef3a0dcf03147ccc371300edb7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a64704fb852c6d695dd9b290c85d08fc80d0e91c457f77e87556fae9689ea5c8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16D1B522A0AA8685F750AB61D840AFD63A5FB44788F4C4136DF8D577AEDF3CE581C701
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$E_getN1_item_d2iN1_item_freeR_clear_errorX509_get0_pubkeyX_ctrlX_freeX_new_from_pkeyY_decryptY_decrypt_init
                                                                                                                                                                                                                        • String ID: $..\s\ssl\statem\statem_srvr.c$tls_process_cke_gost
                                                                                                                                                                                                                        • API String ID: 46435683-2809538378
                                                                                                                                                                                                                        • Opcode ID: 07976c8fc96eabefb09cad14e540a777fab0eac18c69514804c53231db2e79d3
                                                                                                                                                                                                                        • Instruction ID: acfc2ba18ef3ba3075b4502f2c0311a6878c595d9e3e8368a79ecfbd67929c23
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07976c8fc96eabefb09cad14e540a777fab0eac18c69514804c53231db2e79d3
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 90715261B0AA4691FA60BB16E5557B92362FF84B84F588137DF8E477BDDE3CE8018301
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_new
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C48AD
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C48C5
                                                                                                                                                                                                                        • memset.VCRUNTIME140(00000000,?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C48E2
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C4926
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C493E
                                                                                                                                                                                                                        • OPENSSL_cleanse.LIBCRYPTO-3(?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C4AFE
                                                                                                                                                                                                                        • OPENSSL_cleanse.LIBCRYPTO-3(?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C4B0D
                                                                                                                                                                                                                        • CRYPTO_clear_free.LIBCRYPTO-3(?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C4B25
                                                                                                                                                                                                                        • CRYPTO_clear_free.LIBCRYPTO-3(?,?,?,?,?,?,00007FFE007C59BC), ref: 00007FFE007C4B3D
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_cleanseO_clear_freeR_newR_set_debug$memset
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_psk_preamble
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeR_newR_set_debug$memcpy$N1_item_free$O_strndupR_set_errorX509_free_time64
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_asn1.c$d2i_SSL_SESSION
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$L_cleanseO_freeO_memdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\include\internal/packet.h$tls_process_cke_psk_preamble
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$R_set_error$D_lock_freeD_lock_newO_freeO_new_ex_dataO_zalloc_time64memcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_sess.c$SSL_SESSION_new$ssl_get_new_session
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EVP_MD_CTX_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C4451
                                                                                                                                                                                                                        • EVP_DigestInit.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C4468
                                                                                                                                                                                                                        • EVP_DigestUpdate.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C4485
                                                                                                                                                                                                                        • EVP_DigestUpdate.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C44A2
                                                                                                                                                                                                                        • EVP_DigestFinal_ex.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C44BC
                                                                                                                                                                                                                        • EVP_MD_CTX_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C44CC
                                                                                                                                                                                                                        • CRYPTO_malloc.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C44EF
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C46C4
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C46D9
                                                                                                                                                                                                                        • EVP_PKEY_CTX_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C46F1
                                                                                                                                                                                                                        • CRYPTO_clear_free.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C4709
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C4710
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(00000000,?,?,?,?,?,?,00007FFE007C5B97), ref: 00007FFE007C4728
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Digest$R_newR_set_debugUpdateX_free$Final_exInitO_clear_freeO_mallocX_new
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_gost18
                                                                                                                                                                                                                        • API String ID: 1516884489-304060821
                                                                                                                                                                                                                        • Opcode ID: 537555d0644218040bf19d7ac30abcd3ab8531c884d72ea51e6aef746ac518de
                                                                                                                                                                                                                        • Instruction ID: 2a5f327a461d203cf236113565ad134ac5a24b98cdb74ad5c16efff3e1cb89fa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 537555d0644218040bf19d7ac30abcd3ab8531c884d72ea51e6aef746ac518de
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 15917552B0A68341F6A4BB16E821BBA1351AF857D4F5C0036DF4E5B7BEDE3CE9019340
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$D:\a\1\s\include\internal/packet.h$ssl_cache_cipherlist
                                                                                                                                                                                                                        • API String ID: 193678381-1442704767
                                                                                                                                                                                                                        • Opcode ID: f6eba84dc98326bb5d9857145e74fd18aa5488510e9c573f5265ef8cb0b7b91a
                                                                                                                                                                                                                        • Instruction ID: c58e90b383f6b8f408aab6633c5b85e111cc2296452a6a1bc936561401e85314
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f6eba84dc98326bb5d9857145e74fd18aa5488510e9c573f5265ef8cb0b7b91a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 43719061B0EA8281E765FB21E8116BA6361EF84784F5C4036DF4E17BBDDE3DE6418300
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$D_unlock$D_read_lockmemset
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_sess.c$ssl_generate_session_id
                                                                                                                                                                                                                        • API String ID: 2442218550-3346574085
                                                                                                                                                                                                                        • Opcode ID: e32ba1a0288b7d77686f1eba0b702de590428d1940c34ccdf049e3f7fc07a2bc
                                                                                                                                                                                                                        • Instruction ID: f66d8497c51b8f60609e4cf8b81d5e1b7ff570c87988f3dd425214479a8f6709
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e32ba1a0288b7d77686f1eba0b702de590428d1940c34ccdf049e3f7fc07a2bc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E614D21B1A98281F764FB25E8546F92360EB85B84F5C0032DB4D57BFECF2DE9858700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$R_set_debug$O_free$Y_freeY_get1_encoded_public_key
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$add_key_share$tls_construct_ctos_key_share
                                                                                                                                                                                                                        • API String ID: 2910640537-2776458525
                                                                                                                                                                                                                        • Opcode ID: d0641521a8085f99a510304bc130ac0297c1851443fc4ba5da5bcaeed058df4f
                                                                                                                                                                                                                        • Instruction ID: f27db59dd5831ea5c7dcad73863e5133698005b1f7a7edbe7bd06e61d0469a2f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0641521a8085f99a510304bc130ac0297c1851443fc4ba5da5bcaeed058df4f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C716E21B1E68381FA60BB12D5513BA5291AF857C0F4C4032EF8E57BBEDF2CE9428701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$O_freeR_set_debug$O_strdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c$final_server_name$p
                                                                                                                                                                                                                        • API String ID: 3774429508-428839542
                                                                                                                                                                                                                        • Opcode ID: 9e64b608d775b9010f6cff3dbd6e499e1a58d160e7b9a1ac54ba7b3ab65b9f98
                                                                                                                                                                                                                        • Instruction ID: c75ae002184177fa4ee6b485af065432e9d4c4999d7d5dcfba48a9c89e1f91ef
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e64b608d775b9010f6cff3dbd6e499e1a58d160e7b9a1ac54ba7b3ab65b9f98
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1A817E32A0AA8286EB61BB51D4507B926A4FBC6B84F4C1036FF4D477ADCF3CE9418751
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: N_copyN_free$N_dup$O_freeO_strdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                        • API String ID: 3070725730-1778748169
                                                                                                                                                                                                                        • Opcode ID: 5de455a0e33419aeed79645b2a849e8fb5092a76a7a5c4db12254346f5210564
                                                                                                                                                                                                                        • Instruction ID: 8b6517fbce4d300748b82099fa9ab081dd25f3e367956e5cb44124db3375aba6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5de455a0e33419aeed79645b2a849e8fb5092a76a7a5c4db12254346f5210564
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5A411221A0BA8384FE54BF59955077822A1BF82F84F1D4536EF5D4B7AEDF3CA8128310
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: J_nid2snO_zallocP_get_digestbyname
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$dane_ctx_enable
                                                                                                                                                                                                                        • API String ID: 481619167-1287278166
                                                                                                                                                                                                                        • Opcode ID: c2867071a3303bf8944f2cc0cf556ee6616352100b3f4d2b810e73fdd564d021
                                                                                                                                                                                                                        • Instruction ID: 19b1d4aeb14cf0221c1d042f461c2cca4719812288190d2715c63feb6be9060d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c2867071a3303bf8944f2cc0cf556ee6616352100b3f4d2b810e73fdd564d021
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0A31C161F0A78282F755B715E4453B816A4EF44780F4C0039EB8D0BBEEDF6CE9458311
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freememset
                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                                        • API String ID: 4031674668-4238427508
                                                                                                                                                                                                                        • Opcode ID: 356398fc8a42625d6fb9b76345896d3ed4a48e3a258aacd5a86a9cb8835ad42a
                                                                                                                                                                                                                        • Instruction ID: 0514ca065c178ef5cd7005515c8a5a4a2f289a6af1d049f291a8968717926384
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 356398fc8a42625d6fb9b76345896d3ed4a48e3a258aacd5a86a9cb8835ad42a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F31E065B0A68790EB10BB62D4517E82721AF45B88F8D5033DF4E4B3BEDE6CF5458322
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$D_bytes_exO_freeO_mallocR_set_debug
                                                                                                                                                                                                                        • String ID: $..\s\ssl\statem\statem_srvr.c$tls_construct_certificate_request
                                                                                                                                                                                                                        • API String ID: 2305228085-266924759
                                                                                                                                                                                                                        • Opcode ID: c9d941387b21127f5e929cdb10efe204c1641734eef468d887806261a45ba13d
                                                                                                                                                                                                                        • Instruction ID: 42c6de9aa9edb8bd389fa235f1b576ce9b0f320d19cae3cb9e99480c4bbddb4f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c9d941387b21127f5e929cdb10efe204c1641734eef468d887806261a45ba13d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7515F60B0A68341F750BA22D5157BA26A19F85BC8F5C4033DF8E8BBEEDF6DE4418311
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: $ $..\s\ssl\t1_enc.c$key expansion$tls1_setup_key_block
                                                                                                                                                                                                                        • API String ID: 0-3969574974
                                                                                                                                                                                                                        • Opcode ID: c521dc4fbc0e9c70ff140fcde03a429a3ec83a3a535c10fe10b2babba34fa61a
                                                                                                                                                                                                                        • Instruction ID: 64d887af1783dd8f87dc775bcbff3fc3f27d24ac745f51a38add7d8955831d2b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c521dc4fbc0e9c70ff140fcde03a429a3ec83a3a535c10fe10b2babba34fa61a
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 65613C32A0AB8682EB60EF15E4403A973A5FB84B94F480136DF8D47BA9DF7DD645C710
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$D:\a\1\s\include\internal/packet.h$tls_process_ske_psk_preamble
                                                                                                                                                                                                                        • API String ID: 1233037391-1906891150
                                                                                                                                                                                                                        • Opcode ID: 0b6528a612a63d93a0904871f21b1c017866618bc446eba2776d67c557741d00
                                                                                                                                                                                                                        • Instruction ID: 3f6a1a6c0e882206193c14dc96bc257ecb63859a01d3a1e876191174efdb65dc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b6528a612a63d93a0904871f21b1c017866618bc446eba2776d67c557741d00
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D641A321F1DA9681F360BB25E904BBD5361BB85784F8C4132EB8C17BAEDF6CE6518701
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free$memcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                                        • API String ID: 1144371060-3140652063
                                                                                                                                                                                                                        • Opcode ID: e58a0fc3cf81c21045e68de343a0870b17323d38c15971dd7cf52f5f0e550769
                                                                                                                                                                                                                        • Instruction ID: a89f875906b074d563196aa1c0b777c4f42c4d5de78ebb0a9a9fff4548cdecb0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e58a0fc3cf81c21045e68de343a0870b17323d38c15971dd7cf52f5f0e550769
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27617B61A0AA4281EAA4FF26D4556B82762FB84F84F4C4036DF4E477ADDF7DE991C300
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free$O_memdupR_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_alpn
                                                                                                                                                                                                                        • API String ID: 779157885-56215565
                                                                                                                                                                                                                        • Opcode ID: e22efbd82fefe916cb406eef42e8a32a0f0c9136b3571ebbd12de0fb3b20e99c
                                                                                                                                                                                                                        • Instruction ID: 9d0330efe4153653a70821a4d70dc11a506e0150420e54331bc54cb06160ba0e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e22efbd82fefe916cb406eef42e8a32a0f0c9136b3571ebbd12de0fb3b20e99c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C941C2A1A0EA8681E720AB65E4053FE6361FB45784F4C4135DF8C17BADDF7CE5918700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_server_name
                                                                                                                                                                                                                        • API String ID: 193678381-2697319676
                                                                                                                                                                                                                        • Opcode ID: 08420c5e031d7227765b236b4b450e1a03c042d27d1d3e22068f488af869d6ff
                                                                                                                                                                                                                        • Instruction ID: 644533433cc48eaa71e384996f62264f35561f629ac4b619abd30111f8a1f159
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08420c5e031d7227765b236b4b450e1a03c042d27d1d3e22068f488af869d6ff
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7314D21F1A98781FB61F761D8617FA12A0EF84744F9C5032DB0D467EACF6CAA818B51
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: N_free$O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                                                        • API String ID: 3506937590-1778748169
                                                                                                                                                                                                                        • Opcode ID: 61bbdc3ef7b5e96c552bc57ec8e23cb8fbf01d5ae10ca28515fe99cbc8c27278
                                                                                                                                                                                                                        • Instruction ID: c5080f09f113dfb59bf29acb6d44f25b8433a0a0a68db019fd259e222f37b6c8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 61bbdc3ef7b5e96c552bc57ec8e23cb8fbf01d5ae10ca28515fe99cbc8c27278
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7E21FA52E1AAC681F750EF25C8917F82320EB95B4CF195232EE5D4B26ADE68A9D48310
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$R_set_debug$O_malloc
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_cert_status_body
                                                                                                                                                                                                                        • API String ID: 2635154176-3889181619
                                                                                                                                                                                                                        • Opcode ID: 28a792d351ccd46c84e4b9a415448d72fe88f8b9da3c8d201a265967783215d1
                                                                                                                                                                                                                        • Instruction ID: ad1891f90ef63f8464c817323a5b5fb5ec92543d71879257e801b394b3299d76
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28a792d351ccd46c84e4b9a415448d72fe88f8b9da3c8d201a265967783215d1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4E41F621B1AA9281E790FB11E940ABD63A1FF45780F8C4036DB4D57BAEDF2CE9518701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: N_clear_free$Calc_u_exN_bn2binN_num_bitsO_mallocR_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c$srp_generate_server_master_secret
                                                                                                                                                                                                                        • API String ID: 862114558-912242517
                                                                                                                                                                                                                        • Opcode ID: 795a624da099210b56418885e2e806aaeb84cb24bb5429d457c9923ad55d150b
                                                                                                                                                                                                                        • Instruction ID: da13576e7f0d81dd9078b02be0d5554056220c8078735746b323b9b0d5e03bea
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 795a624da099210b56418885e2e806aaeb84cb24bb5429d457c9923ad55d150b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD31846670AA8641EA10BF66E8506F967A1EF89BC4F0C0032EF4C4BB6EDF3CD5418310
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$N_bn2binN_num_bitsO_freeO_strdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_srp
                                                                                                                                                                                                                        • API String ID: 3313194808-2349936798
                                                                                                                                                                                                                        • Opcode ID: 844300eb898a2ac4de2d585438618d8c63867cbdbcac32f792ec9b7f50eaa4ae
                                                                                                                                                                                                                        • Instruction ID: 42dd82ee2f0c362783c51dc1aa138c62d34c0dae3dadba671f300271301034aa
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 844300eb898a2ac4de2d585438618d8c63867cbdbcac32f792ec9b7f50eaa4ae
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 93318161B1A98681FB50B711E855BF91361FB84B84F8C0136EF5E4B7AEDF2DE5818300
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_enc.c$ssl3_setup_key_block
                                                                                                                                                                                                                        • API String ID: 0-2303705756
                                                                                                                                                                                                                        • Opcode ID: c73b8ea01a43f5656d2de56e94c70a10ede541e9e30d12f64adef1cedfddc30d
                                                                                                                                                                                                                        • Instruction ID: df7858ed8867dfb46c10a4f4ce732cd60ce0673fc84bd374118de680fd918863
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c73b8ea01a43f5656d2de56e94c70a10ede541e9e30d12f64adef1cedfddc30d
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9451B532B0AB8682E719EF25E5502B977A4FB88B80F580035EB9D47769DF3CE1618740
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$O_freeO_memdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$D:\a\1\s\include\internal/packet.h$tls_process_next_proto
                                                                                                                                                                                                                        • API String ID: 3243760035-2889161144
                                                                                                                                                                                                                        • Opcode ID: e8f5682af1550e608a5cf28d67d996da808fc350f1507d505efa1e53ce03e002
                                                                                                                                                                                                                        • Instruction ID: 76910e4ffb2450aa4c0efc18bf1e86fc966f8588e335353bb04744c0bbe9ca18
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e8f5682af1550e608a5cf28d67d996da808fc350f1507d505efa1e53ce03e002
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5418521B0EA8181E760AB11F5107B9A360FB99784F5C4136EFCD47B6EEF2CE6918740
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$O_freeO_memdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_ec_pt_formats
                                                                                                                                                                                                                        • API String ID: 3243760035-2708166893
                                                                                                                                                                                                                        • Opcode ID: ab93668ba9d89262296b78dc5fd8118763a9d078aa92ad0008419e569d609a33
                                                                                                                                                                                                                        • Instruction ID: e5e8575aa334f221afdcb474955a5d84171ae1b02cca0c69f5091ae4c2e35fe2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ab93668ba9d89262296b78dc5fd8118763a9d078aa92ad0008419e569d609a33
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E331B821B0EB8581E721BB15E9007BA6361FB49744F584132DB8C57BAEDF3CE691C701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_mallocR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c$tls1_set_raw_sigalgs
                                                                                                                                                                                                                        • API String ID: 3414495729-2202831108
                                                                                                                                                                                                                        • Opcode ID: 6558d468181808056966f155408aa3d877414edbd20d5b55acabf861a3096ff4
                                                                                                                                                                                                                        • Instruction ID: a4e618af94e001d4a2e022b6cdcd984e0f8818560113b3d97416a9cde438da78
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6558d468181808056966f155408aa3d877414edbd20d5b55acabf861a3096ff4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9E215021B0AA42C5F750FB12E8412B96661EB45BD0F9C4036EF8D17BAEDE3CE5418311
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_mallocR_pop_to_markX_freeX_new_from_pkeyY_freeY_set_type
                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                        • API String ID: 355840433-1643863364
                                                                                                                                                                                                                        • Opcode ID: 468a56fe22af5a1453cbdd0da71ae12b23bac3f9028e34514b18e1e269f50fad
                                                                                                                                                                                                                        • Instruction ID: e7e5943cc01060b2bd188473e22f999ff46c4c5055ecf7d889eb646bed6451fb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 468a56fe22af5a1453cbdd0da71ae12b23bac3f9028e34514b18e1e269f50fad
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60318462E1AB5182F611BB15E9002BE67B0FF49B98F484136DF4C0776ADF7CE9518300
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free$O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c$tls1_save_u16
                                                                                                                                                                                                                        • API String ID: 1304317871-3868075628
                                                                                                                                                                                                                        • Opcode ID: b1a25bf4a83aa7598a22c8943fde4cc84b40d9a57afe17ff7b323a6a90560e95
                                                                                                                                                                                                                        • Instruction ID: 48e21fe8a9369638bcef05ab9aee44ba7b814a7ed21526bb15abaa4bea485e02
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1a25bf4a83aa7598a22c8943fde4cc84b40d9a57afe17ff7b323a6a90560e95
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 69319121A2AB92C1E790EB11E4016B96761FB86BC4F8C4032EB8D47BADDF3DE501C711
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_mallocR_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_sess.c$SSL_set_session_ticket_ext
                                                                                                                                                                                                                        • API String ID: 3414495729-2771971639
                                                                                                                                                                                                                        • Opcode ID: 33ff73018322d7b51af2a0daf8fd580d98ef873d2e93b57a57980e9f3efb85e5
                                                                                                                                                                                                                        • Instruction ID: 6c559aeb89290a32b7193cac0ebc1b48ffb41968539a711bf080883c56416d46
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 33ff73018322d7b51af2a0daf8fd580d98ef873d2e93b57a57980e9f3efb85e5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AB311E22B1AB8181E750EB15E4402AD7760EB85B84F585036EF4E57BADDF3DD9818701
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c$tls1_set_server_sigalgs
                                                                                                                                                                                                                        • API String ID: 1233037391-4283112319
                                                                                                                                                                                                                        • Opcode ID: 02c1b04f2f2d6d126f1c396194d67a7f5c8d13bc3ae03f8e6d11a72cec1828e4
                                                                                                                                                                                                                        • Instruction ID: 6d6a89851c32e841a01a0a3106fdd2211054262d17ddfa756d19fc24946b5c7d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 02c1b04f2f2d6d126f1c396194d67a7f5c8d13bc3ae03f8e6d11a72cec1828e4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 37718E32A0AA8686F761AF19E4483F922A5FB44784F9C0039DB4D577ADDF3DE981C301
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                        • API String ID: 3962629258-3973221358
                                                                                                                                                                                                                        • Opcode ID: 738a822d1e3cbd9bff253c4388f0ffe59fa978b3bf31d50a908cf80ad26fc2a0
                                                                                                                                                                                                                        • Instruction ID: 5ba62f79bf08e654242ad58c2bf3c56b613393a38c672f93b566fd82ad3df924
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 738a822d1e3cbd9bff253c4388f0ffe59fa978b3bf31d50a908cf80ad26fc2a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39418E32B0BA4681EB64FB12F8406A96368FB44788F095536CF9D47B68EF7CE195C301
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3 ref: 00007FFE007DCDCA
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3 ref: 00007FFE007DCDE2
                                                                                                                                                                                                                        • CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFE007DCEE2
                                                                                                                                                                                                                          • Part of subcall function 00007FFE007DB070: ERR_new.LIBCRYPTO-3(?,?,00007FFE007DCDB5), ref: 00007FFE007DB0FD
                                                                                                                                                                                                                          • Part of subcall function 00007FFE007DB070: ERR_set_debug.LIBCRYPTO-3(?,?,00007FFE007DCDB5), ref: 00007FFE007DB115
                                                                                                                                                                                                                          • Part of subcall function 00007FFE00761CEE: CRYPTO_malloc.LIBCRYPTO-3 ref: 00007FFE0076FDA2
                                                                                                                                                                                                                          • Part of subcall function 00007FFE00761CEE: memset.VCRUNTIME140 ref: 00007FFE0076FDD0
                                                                                                                                                                                                                          • Part of subcall function 00007FFE00761CEE: memcpy.VCRUNTIME140 ref: 00007FFE0076FE05
                                                                                                                                                                                                                          • Part of subcall function 00007FFE00761CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFE0076FE21
                                                                                                                                                                                                                          • Part of subcall function 00007FFE00761CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFE0076FE7A
                                                                                                                                                                                                                          • Part of subcall function 00007FFE00761CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFE0076FEF2
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_clear_free$R_newR_set_debug$O_mallocmemcpymemset
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_key_exchange
                                                                                                                                                                                                                        • API String ID: 1067245891-2687227884
                                                                                                                                                                                                                        • Opcode ID: 00ed6cab3850fd6b39f1ddfd7c0affc1b41c48386bbb5bf0d7c168b6b20bcba7
                                                                                                                                                                                                                        • Instruction ID: d5925be0db54555f5abd9d73fcce43b35d7089252a71d25fa7d1de97fece206a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 00ed6cab3850fd6b39f1ddfd7c0affc1b41c48386bbb5bf0d7c168b6b20bcba7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B413FA1B1E64381F665B626A8067B92361AF45BC0F5C4033DF8E477FECE2CE841C641
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                                        • API String ID: 3755831613-2385383871
                                                                                                                                                                                                                        • Opcode ID: ffdd1c6ec0e4539bf8475cccc44e7ba020668215223953466c77ad52d0e28efa
                                                                                                                                                                                                                        • Instruction ID: 8de3ab0f7a53a35c3679a6b3308044073f47d721099c2b8d72799cb6cb748aec
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffdd1c6ec0e4539bf8475cccc44e7ba020668215223953466c77ad52d0e28efa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B741F872B0AB42C2EB54AB15E44036962A4FB48BD4F980236EB5E47BEEDF2CD551C740
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_supported_groups
                                                                                                                                                                                                                        • API String ID: 1233037391-3902054871
                                                                                                                                                                                                                        • Opcode ID: 19929d305ca6f874dd2ce54bced4abc24140496fcf1b8b5b7ffb248381f0205b
                                                                                                                                                                                                                        • Instruction ID: f616461d859653dc002caeb7b995bb89b3b02833c11c2e7d94558e0790e0b71d
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 19929d305ca6f874dd2ce54bced4abc24140496fcf1b8b5b7ffb248381f0205b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F41B521B1E68282E761A725E505BFD67A0FB85744F884132EB8C53BA9DF7CE691C700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free$F_parse_listO_mallocO_memdup
                                                                                                                                                                                                                        • String ID: ($..\s\ssl\t1_lib.c
                                                                                                                                                                                                                        • API String ID: 3703324232-198664497
                                                                                                                                                                                                                        • Opcode ID: ca2dd80d8896e8171d868b114645806a10eef34fc1ba2424fa82d6af0ff9f3c9
                                                                                                                                                                                                                        • Instruction ID: e8c73401fc269082b1a4c11343d49d61ba1d022f17beeddf1afc4e37c3f5873b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca2dd80d8896e8171d868b114645806a10eef34fc1ba2424fa82d6af0ff9f3c9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7213E3170AF4285EB50AB16E4406696765FB89BC4F584036EF8D47BBDDF3DE6118700
Memory Dump Source
• Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
Similarity
• API ID: D_run_onceL_sk_findL_sk_valueR_fetchR_get_flags
• String ID: NULL
• API String ID: 186275343-324932091
Similarity
• API ID: O_zallocR_newR_set_debugR_set_error
• String ID: ..\s\crypto\packet.c$WPACKET_start_sub_packet_len__
• API String ID: 3755831613-182491764
Similarity
• API ID: O_zallocR_newR_set_debugR_set_error
• String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
• API String ID: 3755831613-2385383871
Similarity
• API ID: O_zallocR_newR_set_debugR_set_error
• String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
• API String ID: 3755831613-2385383871
Similarity
• API ID: O_freeX509_i2d_$memcmp
• String ID: ..\s\ssl\ssl_cert.c
• API String ID: 1487052844-349359282
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                                        • API String ID: 3755831613-2385383871
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\crypto\packet.c$WPACKET_start_sub_packet_len__
                                                                                                                                                                                                                        • API String ID: 3755831613-182491764
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_strdupR_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c$ssl3_ctx_ctrl
                                                                                                                                                                                                                        • API String ID: 1600027128-780421027
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeR_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_d1.c$dtls1_process_buffered_records
                                                                                                                                                                                                                        • API String ID: 2314896662-3750322838
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_mallocR_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\ssl3_buffer.c$ssl3_setup_read_buffer
                                                                                                                                                                                                                        • API String ID: 4191474876-3943321158
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: D_unlock$D_read_lockH_retrievememcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_cust.c
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free$Y_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: H_deleteH_retrieve_time64
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: D_unlockD_write_lockH_deleteH_retrieve
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: D_read_lockD_unlockH_retrievememcpy
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_sess.c
                                                                                                                                                                                                                        • API String ID: 3962629258-2868363209
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                        • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                        • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                        • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                        • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_memdup
                                                                                                                                                                                                                        • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                        • API String ID: 3962629258-2521442236
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeX_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                        • API String ID: 2813942177-1643863364
                                                                                                                                                                                                                        • Opcode ID: 214f690204c5065f712ec925f68098dfcefa50c9e782cb8309541755b64608a0
                                                                                                                                                                                                                        • Instruction ID: b20c060ea67787905af179b99e8ea6b6947fa83e3153d19dc66d6a50ad1f1a8a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 214f690204c5065f712ec925f68098dfcefa50c9e782cb8309541755b64608a0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 64F05E51F4F503C6EE69B726D8513B812A09F49B44FAC4032DB0E467AAEE1DA9818700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeO_strndup
                                                                                                                                                                                                                        • String ID: D:\a\1\s\include\internal/packet.h
                                                                                                                                                                                                                        • API String ID: 2641571835-2521442236
                                                                                                                                                                                                                        • Opcode ID: 72b9bb49152b3029a39bc5d0963aa10db89a66de1ee1fa2dfca0384cf3ff8df7
                                                                                                                                                                                                                        • Instruction ID: 64d2d2f4328a7a8422a6fed2577414f00478a4d41644309c77d084e15ff67c73
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 72b9bb49152b3029a39bc5d0963aa10db89a66de1ee1fa2dfca0384cf3ff8df7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 33F03731B05A4691EB04BB16F4555EC57609B48BD4F4C8036EF4D4776DDE2CD6558700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_freeX_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                                        • API String ID: 2813942177-1643863364
                                                                                                                                                                                                                        • Opcode ID: cd9c58a908ead8263f7d5708fc4cde71f4cc44746c97003444a512d6895432ea
                                                                                                                                                                                                                        • Instruction ID: f9bc4932a64507ae69e3082257cb74d33a2c5611b5cdc1caa48430176528f156
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd9c58a908ead8263f7d5708fc4cde71f4cc44746c97003444a512d6895432ea
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 82E0EC51F4B90784F955B66298553B406505F45780EDC5131EB0F467BAAE1CB5408310
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                        • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                                        • API String ID: 2581946324-3021818708
                                                                                                                                                                                                                        • Opcode ID: 6224574b7ed5e2385dc02589e031f659751ba7782648aab1ad9aa000ba038eb9
                                                                                                                                                                                                                        • Instruction ID: 1d65365f2aa6fd5be07a09dfa8df08976b1a971f3283da1b8f98b9cb54662d40
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6224574b7ed5e2385dc02589e031f659751ba7782648aab1ad9aa000ba038eb9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8AF0BEA2B16A0381EB247B2698403A913A1EF59B94F4C2030EB0D8B7ADDE6CD8D18700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c
                                                                                                                                                                                                                        • API String ID: 2581946324-1080266419
                                                                                                                                                                                                                        • Opcode ID: 3e861c8879fe00334cc6be8e4f40c19b18f04fdf5d33cabdd036f0e9ad07b572
                                                                                                                                                                                                                        • Instruction ID: 90a55feba9080c6544ac6dee6b3f1da12745d74480d47b6b9c7dd1cc90d0db73
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e861c8879fe00334cc6be8e4f40c19b18f04fdf5d33cabdd036f0e9ad07b572
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 58F02492F1A54182EAA5A716E5411B81760EF8D7E0F4C0135DB8D473BAFE1CE5918304
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_get_ex_new_index
                                                                                                                                                                                                                        • String ID: SSL for verify callback
                                                                                                                                                                                                                        • API String ID: 3987194240-2900698531
                                                                                                                                                                                                                        • Opcode ID: 998d0b3d89f92af84c439d3d6d1f282b82ea7a3ae54b8f9e838ebb840228e167
                                                                                                                                                                                                                        • Instruction ID: 405da5f82f80921c9c657143180b4fbeabf66b526a298afcecc6ca67698fc830
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 998d0b3d89f92af84c439d3d6d1f282b82ea7a3ae54b8f9e838ebb840228e167
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FEE04F35E0A68286E310ABA4A805BE676E5FF98350F444135E38D83B79EE3C95118B14
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                        • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                        • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                        • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                                        • API String ID: 2581946324-1165805907
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: D_read_lockD_unlock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 102331797-0
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1724170673-0
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_memcmp
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2788248766-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: D_unlockD_write_lock
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1724170673-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: D_run_once
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1403826838-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$D_get0_nameD_get_sizeF_fetchF_freeX_freeX_new
                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls13_enc.c$TLS13-KDF$derived$digest$key$label$mode$prefix$salt$tls13 $tls13_generate_secret
                                                                                                                                                                                                                        • API String ID: 2603205826-1355147087
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_set_debug$R_new$R_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$bytes_to_cipher_list
                                                                                                                                                                                                                        • API String ID: 3684861273-3103008854
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugX509_free$R_clear_error$O_ctrlO_freeO_newO_s_fileR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c$use_certificate_chain_file
                                                                                                                                                                                                                        • API String ID: 2477526543-3764335005
                                                                                                                                                                                                                        • Opcode ID: 55454b1de62ca967684e77d8944554ee77724f8150a6d2deff477673662d5161
                                                                                                                                                                                                                        • Instruction ID: 57161c6141f41fe4c5e0a97b2f5aa326a2964fde7a534fa28b2b256732d9eb38
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55454b1de62ca967684e77d8944554ee77724f8150a6d2deff477673662d5161
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 25717361B5F64381FA21F666A4016BD5291AF85784F4C8432EF8D47BFEDE3CE9028711
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugY_get_id
                                                                                                                                                                                                                        • String ID: ..\s\ssl\t1_lib.c$tls12_check_peer_sigalg
                                                                                                                                                                                                                        • API String ID: 567803756-916071204
                                                                                                                                                                                                                        • Opcode ID: 582fd40382b6260e1d12bda0e32fff9a790b7f71b52efaff502620c2cab9ca55
                                                                                                                                                                                                                        • Instruction ID: ca9bd198369987a617ae2d50703fcca0ed972706e387875ba0b52cf14e888ad8
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 582fd40382b6260e1d12bda0e32fff9a790b7f71b52efaff502620c2cab9ca55
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83B1B061F0F64286FB64BA25D4502B922A1EF80B84F9C4532DB4D47BFEDE2CF9528711
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugX509_$X_free$R_clear_errorX_new_ex
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$ssl_add_cert_chain
                                                                                                                                                                                                                        • API String ID: 1888251352-3046741138
                                                                                                                                                                                                                        • Opcode ID: b1c8194200e9d3e1c5d8c862a8ffe1261fe720612a8d07f6cb019b06ad1deaa2
                                                                                                                                                                                                                        • Instruction ID: 8f2f6bb50fc49b623d7e8b61be93c89832f6d26a309251c0d7989bf83f9faa45
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1c8194200e9d3e1c5d8c862a8ffe1261fe720612a8d07f6cb019b06ad1deaa2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EC51A011B0E64341FAA0BA669551ABE13A0AF85FC0F5C443ADF4E47BBFDE2CE9024345
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_indentO_printf
                                                                                                                                                                                                                        • String ID: %s (0x%02X)$%s=0x%x (%s)$UNKNOWN$cipher_suites (len=%d)$client_version$compression_methods (len=%d)$cookie$session_id${0x%02X, 0x%02X} %s
                                                                                                                                                                                                                        • API String ID: 1860387303-676829095
                                                                                                                                                                                                                        • Opcode ID: 491e7838f89a887c891e69c19913d7f8648c6429bd46ba9b1855f531ed2a5653
                                                                                                                                                                                                                        • Instruction ID: 92aceacabc161ce7141ab5a89a43d60ba6ed83828f7e172e8871cd01382efe97
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 491e7838f89a887c891e69c19913d7f8648c6429bd46ba9b1855f531ed2a5653
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5891D532B1A6A285EF21AB11A5042B967A1FB85B90F5D4132DB9D13BBDDF3CD402C700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_printfO_puts$O_indentX509$M_write_bio_X509_freeX509_print_exd2i_
                                                                                                                                                                                                                        • String ID: ------details-----$------------------$<TRAILING GARBAGE AFTER CERTIFICATE>$<UNPARSEABLE CERTIFICATE>$ASN.1Cert, length=%d$certificate_list, length=%d$context
                                                                                                                                                                                                                        • API String ID: 1298273312-331119655
                                                                                                                                                                                                                        • Opcode ID: 0568a5166cbe50b40ad1a1903542a6d9b5c9235f3b0e7cc4cdbb049c402caa17
                                                                                                                                                                                                                        • Instruction ID: edeb01fd215bf07c0bdd838443ec00c9aa5a6ff1bf5029c177a0b16079be7e80
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0568a5166cbe50b40ad1a1903542a6d9b5c9235f3b0e7cc4cdbb049c402caa17
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A61C422B0A6C145EA61AB25E8457A9B7A1FB457D4F4C8132EF9D07BADDF7CE840C700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CipherR_get0_providerR_newR_set_debug$M_construct_endM_construct_octet_ptrUpdateX_get0_cipherX_get_block_sizeX_get_paramsmemmovememset
                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\ssl3_record.c$ssl3_enc$tls-mac
                                                                                                                                                                                                                        • API String ID: 498158591-3426545738
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_conf.c$<EMPTY>$SSL_CONF_cmd$cmd=%s$cmd=%s, value=%s$ctrl_switch_option
                                                                                                                                                                                                                        • API String ID: 1552677711-2097058995
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_pop_free$E_freeL_sk_newL_sk_pushR_newR_set_debugX509_
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$parse_ca_names
                                                                                                                                                                                                                        • API String ID: 3454744561-1744826974
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$X_freeX_new_from_name
                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c$ssl_generate_pkey_group
                                                                                                                                                                                                                        • API String ID: 3722767420-2496621805
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_value$L_sk_num$L_sk_push$L_sk_findL_sk_free
                                                                                                                                                                                                                        • String ID: SHA2-256
                                                                                                                                                                                                                        • API String ID: 3834244297-3468047183
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_key_share
                                                                                                                                                                                                                        • API String ID: 193678381-166674739
                                                                                                                                                                                                                        • Opcode ID: 26538530d0b4c294a6105c37b1eb02ab55bbef451c82e34db5fb2157a8506edc
                                                                                                                                                                                                                        • Instruction ID: fc2ed09c347c618265af0ea4e21afbe171de82e448334bee11a1868ddd27b512
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 26538530d0b4c294a6105c37b1eb02ab55bbef451c82e34db5fb2157a8506edc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8891B491A0E69381F762BB21D4157BA2761AF81784F5C8132EF9D57BEECE3CE9418700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$Y_free
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_cke_dhe
                                                                                                                                                                                                                        • API String ID: 2633058761-3621362005
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$i2d_$L_sk_numR_set_debugX509_$L_sk_value
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_status_request
                                                                                                                                                                                                                        • API String ID: 3024451675-148121689
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$L_sk_numL_sk_valueO_new
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$No ciphers enabled for max supported SSL/TLS version$The max supported SSL/TLS version needs the MD5-SHA1 digest but it is not available in the loaded providers. Use (D)TLSv1.2 or above, or load different providers$tls_setup_handshake
                                                                                                                                                                                                                        • API String ID: 2488525820-2497654048
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: DigestSign$Update$D_get_sizeFinalM_construct_endM_construct_size_tR_get_modeX_ctrlX_freeX_get0_cipherX_get0_mdX_get_pkey_ctxX_newX_set_params
                                                                                                                                                                                                                        • String ID: tls-data-size
                                                                                                                                                                                                                        • API String ID: 2598929643-2895545602
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error$L_sk_freeL_sk_new_nullstrncmp
                                                                                                                                                                                                                        • String ID: ..\s\ssl\d1_srtp.c$ssl_ctx_make_profiles
                                                                                                                                                                                                                        • API String ID: 3277051535-118859582
                                                                                                                                                                                                                        • Opcode ID: e72304d4c79b4a9587490bee6b0dbe0bf50abb0501810f5d3378662828395322
                                                                                                                                                                                                                        • Instruction ID: 84e9ab3ef94340946c408670996347e382a38cbec4561c2691126ee0cd0d6484
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e72304d4c79b4a9587490bee6b0dbe0bf50abb0501810f5d3378662828395322
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5251B021B0F68786FA55BB15A8143B952A5AF45B84FAC4032DF4E477FEDE3DE8428300
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error$Y_new
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_use_RSAPrivateKey
                                                                                                                                                                                                                        • API String ID: 2166683265-3086726788
                                                                                                                                                                                                                        • Opcode ID: d066c8b87244a74083881708a9fa5293b9ec8a6897b6825bf9911631a474a0bf
                                                                                                                                                                                                                        • Instruction ID: 161d260d25536488e0be4a23dc0a912a9ca26882709a8a8aacf5efbee593027e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d066c8b87244a74083881708a9fa5293b9ec8a6897b6825bf9911631a474a0bf
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3219211F1E54282FA50F766A9413F94261AF887C4F8C5032EB8E47BAFDE2CED424701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: E_dupL_sk_new_reserveL_sk_numL_sk_pushL_sk_valueR_newR_set_debugR_set_errorX509_
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c$SSL_dup_CA_list
                                                                                                                                                                                                                        • API String ID: 876855465-3127325357
                                                                                                                                                                                                                        • Opcode ID: 0a31a2026910ecbc2ad58b2bc3e42c5692a9224a5135d88c55630d5da1030bf5
                                                                                                                                                                                                                        • Instruction ID: 6dbdd2bd0b8516d4a3a363a59ae288c696c2d8ce6358d090e1816bba0c4eed45
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0a31a2026910ecbc2ad58b2bc3e42c5692a9224a5135d88c55630d5da1030bf5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD21A411F0F68286F661B761A8116BE5261AF847C0F5C0436EF9E477BFDE3CE8428240
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_prepare_client_certificate
                                                                                                                                                                                                                        • API String ID: 193678381-816577172
                                                                                                                                                                                                                        • Opcode ID: 0631d5a9709af4c4a5cdca13957b11041a4571707cdcd962e9d56ca7e6e342d0
                                                                                                                                                                                                                        • Instruction ID: 07a122a865a6a455a1576fffe555684e9824555038b0ca89ce56fae52d317757
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0631d5a9709af4c4a5cdca13957b11041a4571707cdcd962e9d56ca7e6e342d0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BD715362B1958281EB90AB16E4806B96360EB85B84F5C1036EF4E477AEDF3DE9918700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • EVP_MD_get_size.LIBCRYPTO-3(?,0000077C,?,?,00007FFE007A1465), ref: 00007FFE0079F0F2
                                                                                                                                                                                                                        • ERR_new.LIBCRYPTO-3(?,0000077C,?,?,00007FFE007A1465), ref: 00007FFE0079F0FB
                                                                                                                                                                                                                        • ERR_set_debug.LIBCRYPTO-3(?,0000077C,?,?,00007FFE007A1465), ref: 00007FFE0079F113
                                                                                                                                                                                                                        • EVP_CipherInit_ex.LIBCRYPTO-3(?,0000077C,?,?,00007FFE007A1465), ref: 00007FFE0079F2FB
                                                                                                                                                                                                                        • EVP_CIPHER_CTX_ctrl.LIBCRYPTO-3(?,0000077C,?,?,00007FFE007A1465), ref: 00007FFE0079F312
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: CipherD_get_sizeInit_exR_newR_set_debugX_ctrl
                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls13_enc.c$derive_secret_key_and_iv$key
                                                                                                                                                                                                                        • API String ID: 2359698082-1803617066
                                                                                                                                                                                                                        • Opcode ID: 2e3ae387ec994b6c251488d9071b630f0b2ef4539ae3d150637d91fb3ded70e7
                                                                                                                                                                                                                        • Instruction ID: 78514b0d52c62fef21b67074b41faf210ef6f8e3daa53180a5c8d72d26f7b19e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e3ae387ec994b6c251488d9071b630f0b2ef4539ae3d150637d91fb3ded70e7
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C71642170AB8281E770AB56E8407AA66A4FB85B84F584135EF8D87BADDF3CE4418700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$X509_get0_pubkey
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_ske_ecdhe
                                                                                                                                                                                                                        • API String ID: 2988517565-1997102834
                                                                                                                                                                                                                        • Opcode ID: 7aecebfbc2668b29183bc662aa50cfd165c4a29700916f123029868e4f2178bc
                                                                                                                                                                                                                        • Instruction ID: 6c023625bce0803e8e5b56f095235e3805ba82d4c21e02cbb34c9ac2352cc401
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7aecebfbc2668b29183bc662aa50cfd165c4a29700916f123029868e4f2178bc
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4551C221B0AA9681F7A0EB51E910AB96361FB85784F4C8036DB8D47BAEDF2DE5518301
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$L_sk_numP_resp_countT_free$E_freeL_sk_valueP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicX_freeX_new_exd2i_
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$ssl_validate_ct
                                                                                                                                                                                                                        • API String ID: 2834088071-2167807083
                                                                                                                                                                                                                        • Opcode ID: 783a3b841d2ddae4a43db0365462d94e04d90f84d254595d195939d352948da8
                                                                                                                                                                                                                        • Instruction ID: 5aa85329e83e16746848629837b3be91af65237b9419e8630733d23619a58aba
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 783a3b841d2ddae4a43db0365462d94e04d90f84d254595d195939d352948da8
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D851A251B0B54285FAA4FB26D5553B91261AF85B90F8C0032DF4E4B7FEDF2DE8428352
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_use_srtp
                                                                                                                                                                                                                        • API String ID: 193678381-2011129389
                                                                                                                                                                                                                        • Opcode ID: b153ca25bf123f9edc265dcead6a15017fdf019516b8f785ea21a5fceadc59e1
                                                                                                                                                                                                                        • Instruction ID: 804b23b1d62b46fb15dfd4a439c71957d7ff25de07d5dd0016f9a21d91b086e6
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b153ca25bf123f9edc265dcead6a15017fdf019516b8f785ea21a5fceadc59e1
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D651B421B1EA8681F764B761E9516B922A0EF84B80F8C5032DB4D03BFACF2DD952C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$R_set_debug$memcmp
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_renegotiate
                                                                                                                                                                                                                        • API String ID: 4071200903-1100612425
                                                                                                                                                                                                                        • Opcode ID: 7fdca107e6cc1b938510a6f599ee7e7232782fc1a688be8ba54bb3143102da43
                                                                                                                                                                                                                        • Instruction ID: 8c7d16adf4299beb8bf56487678d1faa1c6ce9f7beed3418f142148c6b531696
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7fdca107e6cc1b938510a6f599ee7e7232782fc1a688be8ba54bb3143102da43
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 53416361B1B98281FB50BB25D5443BD6360EF44B88F5C9032EB5E17BADDF2CE9628710
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$N_ucmp$N_is_zeroN_num_bits
                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls_srp.c$srp_verify_server_param
                                                                                                                                                                                                                        • API String ID: 3341325393-16616462
                                                                                                                                                                                                                        • Opcode ID: 8000f8f1ef392e9240f4becb0ba17ab62067a407d0614f572ccf5870c334aa3b
                                                                                                                                                                                                                        • Instruction ID: a3f7a387bfd4e4fe74a85541fdb8ffff7c1109025810690a343ec501b4c74adc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8000f8f1ef392e9240f4becb0ba17ab62067a407d0614f572ccf5870c334aa3b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED31E951B1A58381FB60BB66D8517F912619F85B84F5C4032DE4D8B7BBDF2CE9828311
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_indentO_printf$O_puts
                                                                                                                                                                                                                        • String ID: %02X$%s (len=%d): $Random:$gmt_unix_time=0x%08X$random_bytes
                                                                                                                                                                                                                        • API String ID: 4010264686-1582741163
                                                                                                                                                                                                                        • Opcode ID: 6519631c960eed39ddad9f4ceb3937f49908e10ce275aec5714ee6bf54b089a5
                                                                                                                                                                                                                        • Instruction ID: a1ee8f5c3b969b8ae48c46accffee3262a342483b77df949a4a4fecb5ef5d881
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6519631c960eed39ddad9f4ceb3937f49908e10ce275aec5714ee6bf54b089a5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8121F962B0DA5156F720FB26A4005B93B61EB85B84F098132EF5D07BAEDE7CD606C710
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_indentO_printf
                                                                                                                                                                                                                        • String ID: %s=0x%x (%s)$UNKNOWN$cipher_suite {0x%02X, 0x%02X} %s$compression_method: %s (0x%02X)$server_version$session_id
                                                                                                                                                                                                                        • API String ID: 1860387303-3448146522
                                                                                                                                                                                                                        • Opcode ID: 81693e77d7e7ab7e9036c393847531072b32a9dc76855acf82ff24eeda1f58fa
                                                                                                                                                                                                                        • Instruction ID: 76a3d73cb7b48865b9c2f5988bb241970cd95192928e815105dde7571b74def4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 81693e77d7e7ab7e9036c393847531072b32a9dc76855acf82ff24eeda1f58fa
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9B51E622A1A69181EA30EB15E8042BA67A1FB85B94F498132DFDD037F8EE3CD555C700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: D_get0_nameL_cleanseM_construct_endM_construct_utf8_stringQ_macR_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\tls13_enc.c$HMAC$finished$properties$tls13_final_finish_mac
                                                                                                                                                                                                                        • API String ID: 3095186593-1708336846
                                                                                                                                                                                                                        • Opcode ID: 55112ecd9a4a4d5c4dca854e41a843cbaa6a0b487e9f87960962166c07c3df1c
                                                                                                                                                                                                                        • Instruction ID: 2e0b71c55115126602e76b39c69bb409c2ac28ed0c4b36eaeedd0034c3a4640e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55112ecd9a4a4d5c4dca854e41a843cbaa6a0b487e9f87960962166c07c3df1c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE514F62A0AB8581E761EF15E4407EA63A0FB89784F484136EF8D07769DF3CE545CB40
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error$Y_new
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa_legacy.c$SSL_CTX_use_RSAPrivateKey
                                                                                                                                                                                                                        • API String ID: 2166683265-3135413908
                                                                                                                                                                                                                        • Opcode ID: 1c5440b5a9f78486ae293910026bd04abfada1e23b16dab2e9a40dfc5dd05139
                                                                                                                                                                                                                        • Instruction ID: 3e84d4650baed48bf3c62c2aa7631829d8c2ffa69993ac2aaca3443050c165c3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1c5440b5a9f78486ae293910026bd04abfada1e23b16dab2e9a40dfc5dd05139
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD218351B1E54281FA90F766A9512F94262AF887C4F8C5032EB4E47BAFDE2CED524701
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_numL_sk_valueR_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_use_srtp
                                                                                                                                                                                                                        • API String ID: 2660725122-2269544924
                                                                                                                                                                                                                        • Opcode ID: 596797ce5974bdd948c3c6290542a7b9493a0efd42c17216aafb9146e75077b5
                                                                                                                                                                                                                        • Instruction ID: 2d113bdbcda04d470ff81637941de3dfa6159fc7dc13ab9f5bb03a8ae3113c03
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 596797ce5974bdd948c3c6290542a7b9493a0efd42c17216aafb9146e75077b5
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5D51D072B0AB9281E720FB51E9493BA63A5EB54794F5D4132EB9D037ADEE3CE440C700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_read_early_data
                                                                                                                                                                                                                        • API String ID: 1552677711-1193762697
                                                                                                                                                                                                                        • Opcode ID: 765441d96c8836d89b4b86551af9abb2bf4f61ae2aa69475af49dd773c5c7a39
                                                                                                                                                                                                                        • Instruction ID: 545c4b0d0a78a54e101f77b48a9e1a2aaa9af428f453f044b0a31ebcc6635a97
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 765441d96c8836d89b4b86551af9abb2bf4f61ae2aa69475af49dd773c5c7a39
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A2415E32B0A64286F760FB65E9157BA62A0EB45784F5C4031EF4D467EADF7CE842C701
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_ctrl$O_freeO_newO_s_fileR_clear_last_markR_pop_to_markR_set_markX_freeY_free
                                                                                                                                                                                                                        • String ID: PEM
                                                                                                                                                                                                                        • API String ID: 753178889-379482575
                                                                                                                                                                                                                        • Opcode ID: 5453cc44e5c3a55a5f92aeaa599e3a927b7b979143c1d46f24e85b98a47d4041
                                                                                                                                                                                                                        • Instruction ID: e9408130b20b4ab6798fa08e4984215f6c5797118586fab8999f20b23e03a6c2
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5453cc44e5c3a55a5f92aeaa599e3a927b7b979143c1d46f24e85b98a47d4041
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F411021A0F64291FA65BB16A44167D56A1FFC4BC4F084035EF8D47BAEDF3CE9018701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_ctrlO_free_allO_method_typeO_newO_nextO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_set_rfd
                                                                                                                                                                                                                        • API String ID: 1876162228-2433761532
                                                                                                                                                                                                                        • Opcode ID: 90f776c6c08b27f67889fb8440173e74ffb8612f2344ffcbc1bd74336b8dbb3c
                                                                                                                                                                                                                        • Instruction ID: 0a7d5c39154ec664020c60954305be045767e4507d9fc358cfc3f84263511631
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 90f776c6c08b27f67889fb8440173e74ffb8612f2344ffcbc1bd74336b8dbb3c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E21B011F1B54382FB60FB52B8557BE1260AF94B84F4C1032EB8E47BAEDE2CE8804741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_ctrlO_int_ctrlO_method_typeO_newO_s_socketO_up_refR_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_set_wfd
                                                                                                                                                                                                                        • API String ID: 475579866-2547745303
                                                                                                                                                                                                                        • Opcode ID: 95430999ac75b5da1baf22bc595de9e39229b842a3b613ee165b545bcfc85146
                                                                                                                                                                                                                        • Instruction ID: c21beed7d841062d5cce1df27cbfe322e7e3b196f51ea8e61eb176564d814821
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95430999ac75b5da1baf22bc595de9e39229b842a3b613ee165b545bcfc85146
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 89117F11F1A68382FBA4F656A8117BE0261AF85B80F4C1032FB4E47BAFDD6CE8514701
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: T_free$P_resp_count$E_freeL_sk_new_nullP_freeP_get1_ext_d2iP_resp_get0P_response_get1_basicR_newR_set_debugR_set_errorX509_get_ext_d2id2i_
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 2948080378-0
                                                                                                                                                                                                                        • Opcode ID: 46b03100bb4308b45e27424fb1b3d1de9c939f2bb6b203468dc37a9fb692bdd4
                                                                                                                                                                                                                        • Instruction ID: 3199c33586eecbca5b04edcece70c855c9a00f44e3eb763995b1853ad0f7281c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46b03100bb4308b45e27424fb1b3d1de9c939f2bb6b203468dc37a9fb692bdd4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9441D411B0F74281FA64FAA650553BA6790AF85BC4F4C4435DF8D07BAAEE7DF8458340
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • OPENSSL_sk_dup.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE0077910B
                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE00779124
                                                                                                                                                                                                                        • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE00779135
                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE00779150
                                                                                                                                                                                                                        • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE0077915C
                                                                                                                                                                                                                        • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE00779179
                                                                                                                                                                                                                        • OPENSSL_sk_unshift.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE0077919F
                                                                                                                                                                                                                        • OPENSSL_sk_dup.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE007791B1
                                                                                                                                                                                                                        • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE007791C1
                                                                                                                                                                                                                        • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE007791CD
                                                                                                                                                                                                                        • OPENSSL_sk_set_cmp_func.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE007791DF
                                                                                                                                                                                                                        • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFE00775834), ref: 00007FFE007791EF
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_freeL_sk_num$L_sk_dupL_sk_value$L_sk_set_cmp_funcL_sk_unshift
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 621534355-0
                                                                                                                                                                                                                        • Opcode ID: 5d382195fbb6705b94d312a7b3626cfaffb87455251e26ab7c114df8dad6e263
                                                                                                                                                                                                                        • Instruction ID: acbd90e22e39cdb3f4a88d0a9ce28f702220cb2290c7c5d31642005fd882524f
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5d382195fbb6705b94d312a7b3626cfaffb87455251e26ab7c114df8dad6e263
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E3318121B0B64345EA25FF26A8551B96761AF85BC0F4D4036EF8E473BAEE3DE8118700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_supported_groups
                                                                                                                                                                                                                        • API String ID: 193678381-425071466
                                                                                                                                                                                                                        • Opcode ID: c7a8b8b15f90bd3aca2e995ecc8e8e3241de1562e04c97f16854df04c7a34868
                                                                                                                                                                                                                        • Instruction ID: 52174bf70aa0a551f342b3d5b3e5898127705a70e375526276fffab93f0def81
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c7a8b8b15f90bd3aca2e995ecc8e8e3241de1562e04c97f16854df04c7a34868
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13515B11B0E643A1F6A0B722EA157BA1690AF85780F5C4031EF4E47BFEDE3CE5428B51
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,00007FFE0079D864,?,?,?,?,?,?,00007FFE0079BA38), ref: 00007FFE0079CC68
                                                                                                                                                                                                                        • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,00007FFE0079D864,?,?,?,?,?,?,00007FFE0079BA38), ref: 00007FFE0079CCBA
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_indentO_printf
                                                                                                                                                                                                                        • String ID: <EMPTY>$UNKNOWN$client_verify_data$extension_type=%s(%d), length=%d$server_verify_data
                                                                                                                                                                                                                        • API String ID: 1860387303-127224826
                                                                                                                                                                                                                        • Opcode ID: 270b45433412e43fd87624bd264d7ce66b6c76fd94801257062ea7d2873f6300
                                                                                                                                                                                                                        • Instruction ID: 2cb53239978a63b717de87a61aa42607aa812e32c3807a6adc8a2470d237c29c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 270b45433412e43fd87624bd264d7ce66b6c76fd94801257062ea7d2873f6300
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: ED41B271A0D68295E634AB12E5046BA6765FB84B84F888032DF8D13B7DCF7CF945C740
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$tls_process_change_cipher_spec
                                                                                                                                                                                                                        • API String ID: 193678381-3810074443
                                                                                                                                                                                                                        • Opcode ID: cd429f5ceeada9ff1fd9bc91a67c85cadb83a7396586a860847036504701c4f6
                                                                                                                                                                                                                        • Instruction ID: 44d7586b5d65f96c7c8af02049f05a48309cf75adfdc1a693f6078fe8d358cd1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd429f5ceeada9ff1fd9bc91a67c85cadb83a7396586a860847036504701c4f6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09416F21B0A54781FB60B761D8557B512A1EF94B54F8C4032CB4E47BEACE6CE982C715
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_printf$O_indent
                                                                                                                                                                                                                        • String ID: EncryptedPreMasterSecret$GOST-wrapped PreMasterSecret$GostKeyTransportBlob$KeyExchangeAlgorithm=%s$dh_Yc$ecdh_Yc$psk_identity
                                                                                                                                                                                                                        • API String ID: 1715996925-113291103
                                                                                                                                                                                                                        • Opcode ID: 6d3057d1a231cbb36c20fcc5b5a2c867c9d973a5f5d69181f3abce88dc4a62e9
                                                                                                                                                                                                                        • Instruction ID: 7b4dfecdf8cd92d250a5c6563c56be818054e4c9adffa9a29581b7d3d6aca7b0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6d3057d1a231cbb36c20fcc5b5a2c867c9d973a5f5d69181f3abce88dc4a62e9
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3761C462B0E68686EE25EB25E4051F97251FF84350F4D4631EFAD07BADDE3CE504C240
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: %"v$..\s\ssl\statem\extensions.c$tls_construct_extensions
                                                                                                                                                                                                                        • API String ID: 193678381-663403780
                                                                                                                                                                                                                        • Opcode ID: 992176a5b5607ad23ec96c98088b2225bfd6718f6d21463046d42dc7daaa6d09
                                                                                                                                                                                                                        • Instruction ID: fc27ed1652257517b2dcd76746f8b1e836aafedf788bf9472875fcb0fc11b7ac
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 992176a5b5607ad23ec96c98088b2225bfd6718f6d21463046d42dc7daaa6d09
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FD519D21B0A68782F660AB26E8047BB6290BB80784F5C4131DF8E57BF9CF3CE945C740
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$ssl_read_internal
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$X_copy_exX_freeX_new
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$tls13_save_handshake_digest_for_pha
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_enable_ct$SSL_CTX_set_ct_validation_callback
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_ctrl$X_get0_cipher$D_get_sizeR_get_flagsR_get_modeX_get0_mdX_get_block_size
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
                                                                                                                                                                                                                        • String ID: exporter
Memory Dump Source
• Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
Similarity
• API ID: Digest$Final_exInit_ex$UpdateX_freeX_new
• String ID: exporter
• API String ID: 3991325671-111224270
Similarity
• API ID: R_newmemcpy$R_set_debug
• String ID: ..\s\ssl\statem\statem_lib.c$CLIENT_RANDOM$tls_construct_finished
• API String ID: 3909032045-3711601257
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_client_certificate
• API String ID: 193678381-1244782752
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_padding
• API String ID: 193678381-159523455
Similarity
• API ID: R_newR_set_debug
• String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_psk
• API String ID: 193678381-1931443905
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_ctrlR_newR_set_debugmemcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$TLS 1.3, client CertificateVerify$TLS 1.3, server CertificateVerify$get_cert_verify_tbs_data
                                                                                                                                                                                                                        • API String ID: 152836652-3760622993
                                                                                                                                                                                                                        • Opcode ID: edf75aa3b880e2104bd9578aeaa08da8c1b383433bee9b73c0862fc6355a9b99
                                                                                                                                                                                                                        • Instruction ID: 21866e530d7f6b5032a26c3dfea39da889ddda3c0ce58c54b3b23a1d0b1e8a70
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: edf75aa3b880e2104bd9578aeaa08da8c1b383433bee9b73c0862fc6355a9b99
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D341E522A0AAC2C1E7A0EF15D4407BD2760FB95B84F5C9136DB8D87BA9DF2DE591C300
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_end_of_early_data
                                                                                                                                                                                                                        • API String ID: 193678381-3379596787
                                                                                                                                                                                                                        • Opcode ID: 7f047ef4a91d2517906812dfc73a69850bcb6af0221a0f44b1dfe8972f153ce2
                                                                                                                                                                                                                        • Instruction ID: f038b7b4e1bdcf6bed9e3855d33a2b1dae1766577ba23bf5dc38a8e6abf549c7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7f047ef4a91d2517906812dfc73a69850bcb6af0221a0f44b1dfe8972f153ce2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1218E21F1A58382F760B761D816BF91250EF85740F9C4032DB4E87BEADE6CEA818711
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\d1_msg.c$dtls1_write_app_data_bytes
                                                                                                                                                                                                                        • API String ID: 1552677711-1870589286
                                                                                                                                                                                                                        • Opcode ID: b2aeda71e0f10ff5d104f444f2d6a97a66499aa94998217004147aa1704fb417
                                                                                                                                                                                                                        • Instruction ID: 0b54cd6d7f4c72756c224c70b5cae82fbf7fd2ca8ddc68d08e5dd2ad049deaa4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2aeda71e0f10ff5d104f444f2d6a97a66499aa94998217004147aa1704fb417
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B1216220B0EA8781F650B725E8013BA6260AF95794F5C0232EB4E47BFEDE2CE8414712
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_new_nullL_sk_pushR_newR_set_debugR_set_errorX509_up_ref
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_cert.c$ssl_cert_add0_chain_cert
                                                                                                                                                                                                                        • API String ID: 3689422639-110169278
                                                                                                                                                                                                                        • Opcode ID: 99e065858e88f5b9ecf49510d91394248c314b9a864670d225bb8f36a3b11077
                                                                                                                                                                                                                        • Instruction ID: 6f616c6fcaf474be3c48fd36f284e5d62e232a037047bbb3d7f36f38036977c9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99e065858e88f5b9ecf49510d91394248c314b9a864670d225bb8f36a3b11077
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A117221B0AA8682FA55BB25E4103B953B0AF447C4F5C0432EF4C07BAEDF3CE9418700
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_check_private_key
                                                                                                                                                                                                                        • API String ID: 1552677711-2096838628
                                                                                                                                                                                                                        • Opcode ID: 5ea4a2f83997b8a4f9335d4e329ff78186c293e41e53f9a9ea782533eb3cb6ab
                                                                                                                                                                                                                        • Instruction ID: 9e730f82ebe1e1a5b463f52469eb693a3a353c825b5eb58d73bd95f89cf3f383
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5ea4a2f83997b8a4f9335d4e329ff78186c293e41e53f9a9ea782533eb3cb6ab
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34015A54F0FA4281FA56B7A5C8553B92261AF88B80F9C4036DB0D16BFEDE2CE9465311
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$ErrorLast
                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_write_pending
                                                                                                                                                                                                                        • API String ID: 2616572124-1219543453
                                                                                                                                                                                                                        • Opcode ID: a2f331438ba00d19574b5e2d7ab4cd7de079842aa69e50044dfc923e990c3ff4
                                                                                                                                                                                                                        • Instruction ID: 6693d6dd0a551a673d6da3c826f9b48a180c43ab5792340b9dad0ff8b7368ceb
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a2f331438ba00d19574b5e2d7ab4cd7de079842aa69e50044dfc923e990c3ff4
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F41A0B2B0AA4182F7A0AB15D5447B973A0FB85B84F1C8136EB4D07BADDF3DE4518341
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$L_sk_num
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c$tls_construct_certificate_authorities
                                                                                                                                                                                                                        • API String ID: 2899912155-903051733
                                                                                                                                                                                                                        • Opcode ID: 76d98890604127e7ecc2d5f884e7f8f741c35995e0341fa4c29aeb5bc96f2245
                                                                                                                                                                                                                        • Instruction ID: 991c103b752c2d48a2d18fcdb8cdf9968e8cbf42b677fa608bf23d916647782a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 76d98890604127e7ecc2d5f884e7f8f741c35995e0341fa4c29aeb5bc96f2245
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 16215C11B1E68341FA90B722F9156BA5250AF85BC4F8C5031FF4E57BEEDE2CE9418704
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$R_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\ssl3_record.c$early_data_count_ok
                                                                                                                                                                                                                        • API String ID: 476316267-4150192623
                                                                                                                                                                                                                        • Opcode ID: 5c54f0c2c42b69c92628c76a614c039758d21d18141a7cb5f852ffb02c2e075f
                                                                                                                                                                                                                        • Instruction ID: 3f67d86751edbc0ad565436a5ccf70934e2015d9ae192f8ca2210640bf570717
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5c54f0c2c42b69c92628c76a614c039758d21d18141a7cb5f852ffb02c2e075f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2731E021B0A546D2FBA4EB25E4407BD22A1EF81744F5C4035EB0D4B7A9CF3CE982CB01
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$memcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$dtls_process_hello_verify
                                                                                                                                                                                                                        • API String ID: 31086664-1847652839
                                                                                                                                                                                                                        • Opcode ID: 07fa7c377fb9e2c3e85c4b3f4c80a9268d23323efae93389544496ab1a4a1784
                                                                                                                                                                                                                        • Instruction ID: 43f18a8a08e68f90f0947736c1e9cf11001e35aa4d6b1148f82797ce3a22fa77
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07fa7c377fb9e2c3e85c4b3f4c80a9268d23323efae93389544496ab1a4a1784
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B821D661F0AA8181E764BB25E9013BA6361FB49790F4C8235DB9D477EEDF2CE6908740
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition$ossl_statem_client_write_transition
                                                                                                                                                                                                                        • API String ID: 193678381-362363770
                                                                                                                                                                                                                        • Opcode ID: d22fdbb112affdc835ab4f78b4c6e42dc0328af198725e085c2f07972e3c75e6
                                                                                                                                                                                                                        • Instruction ID: dd654b2014f0acde344e2ca26a95ddd415d412d898b3e4e562f1ac4ab7b7d09e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d22fdbb112affdc835ab4f78b4c6e42dc0328af198725e085c2f07972e3c75e6
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A621D821B0E94282E754FB15E994BBD2361FB44784F4C4035DB4D87BBECE2CE9968700
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_post_process_message$tls_post_process_client_key_exchange
                                                                                                                                                                                                                        • API String ID: 193678381-715354105
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_errorY_freeY_up_ref
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c$ssl_set_pkey
                                                                                                                                                                                                                        • API String ID: 4194652714-507513155
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_numR_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_set_ssl_version
                                                                                                                                                                                                                        • API String ID: 2983925012-1434314342
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$X_copy_ex
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$tls13_restore_handshake_digest_for_pha
                                                                                                                                                                                                                        • API String ID: 3813578642-2862071989
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_num$E_dupL_sk_new_nullL_sk_valueX509_
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3273602126-0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_free$O_new$O_s_connect
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 3895418919-0
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_ctrlX_get0_cipher$D_get_sizeR_get_flagsR_get_modeR_newR_set_debugX_get0_mdX_get_block_sizememcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_retransmit_message
                                                                                                                                                                                                                        • API String ID: 4032328484-3409696843
                                                                                                                                                                                                                        • Opcode ID: 4ff288eee4b7cb3fe1256c2fac8c699a69a92410a84f81026d918c2d19d6f71b
                                                                                                                                                                                                                        • Instruction ID: 44ef54c05cbc06fcbd604c619f7e57d0301ac48604965b29b842e3241bdd5c84
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ff288eee4b7cb3fe1256c2fac8c699a69a92410a84f81026d918c2d19d6f71b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF619C32205B85C2D794EB16E484BAA77A8FB88B90F594036EF9D43769CF3DD461C300
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_ctrlR_newR_set_debugmemcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_dtls.c$dtls1_retransmit_message
                                                                                                                                                                                                                        • API String ID: 152836652-3409696843
                                                                                                                                                                                                                        • Opcode ID: eb185db770c5c399314ec9ff4d4e9ba1ee8b48febe3c0dd6f3e67cc8817c356f
                                                                                                                                                                                                                        • Instruction ID: f771b294f66f3246746182a7e9e0ac7dcd2720c260ad26627691779c7692a4f4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: eb185db770c5c399314ec9ff4d4e9ba1ee8b48febe3c0dd6f3e67cc8817c356f
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E7516A32309BC5D2D794AB26E5847AA77A8FB88B80F544026EF9D83755CF3DD461C700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                          • Part of subcall function 00007FFE00791680: ERR_new.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFE00792C00), ref: 00007FFE00791745
                                                                                                                                                                                                                          • Part of subcall function 00007FFE00791680: ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFE00792C00), ref: 00007FFE00791765
                                                                                                                                                                                                                        • OPENSSL_cleanse.LIBCRYPTO-3 ref: 00007FFE00792E48
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_cleanseR_newR_set_debug
                                                                                                                                                                                                                        • String ID: $ $0$extended master secret$master secret
                                                                                                                                                                                                                        • API String ID: 4043487175-741269486
                                                                                                                                                                                                                        • Opcode ID: 632837cd04c36d3e08a8e14a74e7fba73ae231988af0ccfaa73eecf7652ab137
                                                                                                                                                                                                                        • Instruction ID: 1d7a08ae1e2049b68b503840ce0713a28280e789f739240d7455de17a3a25db4
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 632837cd04c36d3e08a8e14a74e7fba73ae231988af0ccfaa73eecf7652ab137
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 60413C72609B8191E720EB15F8843AAB6E4FB887C4F584135EB8C42B79DF7DD152CB00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_ec_pt_formats
                                                                                                                                                                                                                        • API String ID: 193678381-302162076
                                                                                                                                                                                                                        • Opcode ID: 2e6f849943d6a0d85471fc6859da793c24f887d7c1d3d7d27a83da3f673b6f4c
                                                                                                                                                                                                                        • Instruction ID: f477d4e5fb76b088d834bf57d0f30aab203c1b547d7434bc50d57f120249b279
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e6f849943d6a0d85471fc6859da793c24f887d7c1d3d7d27a83da3f673b6f4c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49317021B0E68341E660B752E9057BA6751AF847C4F4C4032EF4E4BBAFDE6CE9458B00
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$dtls_construct_hello_verify_request
                                                                                                                                                                                                                        • API String ID: 193678381-1802759638
                                                                                                                                                                                                                        • Opcode ID: 2850ca749253e857390bc61ba79b17576458301e42ec05df5474438db862f8bb
                                                                                                                                                                                                                        • Instruction ID: e2f551955d731aa5b6dcf276f86331fdb02880167dc0979398209d9e0ea64a1c
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2850ca749253e857390bc61ba79b17576458301e42ec05df5474438db862f8bb
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E312521B1958242E760BB56EC40BF92265AB44BD4F5C0132EF9E47BFECF2DE5418700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_status_request
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_errorX_set0_default$conf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_mcnf.c$ssl_do_config
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_maxfragmentlen
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c$final_ems
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c$final_renegotiate
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_errormemcpy
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_set_session_id_context
                                                                                                                                                                                                                        • API String ID: 1331007688-2523474329
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: L_sk_num$L_sk_freeL_sk_new_nullL_sk_pushL_sk_value
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1173513325-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        • BIO_indent.LIBCRYPTO-3(FFFFFFFE,00000000,0000004D,00007FFE0079EA11,?,?,?,?,?,?,?,00007FFE0079DC0C), ref: 00007FFE0079EBA4
                                                                                                                                                                                                                        • BIO_printf.LIBCRYPTO-3(FFFFFFFE,00000000,0000004D,00007FFE0079EA11,?,?,?,?,?,?,?,00007FFE0079DC0C), ref: 00007FFE0079EBDD
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_indentO_printf
                                                                                                                                                                                                                        • String ID: Signature$Signature Algorithm: %s (0x%04x)$UNKNOWN
                                                                                                                                                                                                                        • API String ID: 1860387303-3399393549
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_msg.c$ssl3_do_change_cipher_spec
                                                                                                                                                                                                                        • API String ID: 1552677711-2597545827
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                                        • API String ID: 1552677711-3079590724
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_peek
                                                                                                                                                                                                                        • API String ID: 1552677711-1473178562
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_write
                                                                                                                                                                                                                        • API String ID: 1552677711-558453729
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_rsa.c$SSL_use_PrivateKey
                                                                                                                                                                                                                        • API String ID: 1552677711-3350344708
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$ssl_undefined_void_function
                                                                                                                                                                                                                        • API String ID: 1552677711-3489766127
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$ssl_bad_method
                                                                                                                                                                                                                        • API String ID: 1552677711-705084354
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                                        • String ID: ..\s\ssl\ssl_lib.c$SSL_check_private_key
                                                                                                                                                                                                                        • API String ID: 1552677711-2796319112
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: X509_$E_add_lookupP_ctrl_exP_storeR_pop_to_markR_set_mark
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        • API String ID: 1151473306-0
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition
                                                                                                                                                                                                                        • API String ID: 193678381-2379272181
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server13_write_transition
                                                                                                                                                                                                                        • API String ID: 193678381-3318936413
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_sig_algs
                                                                                                                                                                                                                        • API String ID: 193678381-4035473336
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_srp
                                                                                                                                                                                                                        • API String ID: 0-2342567248
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmpDownload File
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_renegotiate
                                                                                                                                                                                                                        • API String ID: 0-2728901138
                                                                                                                                                                                                                        • Opcode ID: 679053ebc9ba0e2be0c101f86a4cc3fa07011eeace9af763c9110728d37b8b8c
                                                                                                                                                                                                                        • Instruction ID: 58706243360fe03185d3dc6c5783be8ce5f77eeb9c4213b2f1eb47aef66c2a0b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 679053ebc9ba0e2be0c101f86a4cc3fa07011eeace9af763c9110728d37b8b8c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9D215350B0A24351FA58B726EA15BF94250AF45BC8F8C1031EF0E8BBEEDE2DE951C700
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_use_srtp
                                                                                                                                                                                                                        • API String ID: 0-3251434361
                                                                                                                                                                                                                        • Opcode ID: 84c188ee20a0f76bfa9c0c709dfe6b6ec2666fe4937065e7168e3bfb6fe92372
                                                                                                                                                                                                                        • Instruction ID: 93471afb61ecfcc4b246e110a2ba1fb36d6626947ba29427eff1f8735aba2216
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 84c188ee20a0f76bfa9c0c709dfe6b6ec2666fe4937065e7168e3bfb6fe92372
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2A211F50B1A54355FB94B622EA557BA1251AF847C4F4C4030EF4F8BBEFDE6DE8428700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_next_proto_neg
                                                                                                                                                                                                                        • API String ID: 193678381-2301358877
                                                                                                                                                                                                                        • Opcode ID: b49246553786306b50dd6dc612e1d4f988b3be84251c60a258ac4ce42bf04a05
                                                                                                                                                                                                                        • Instruction ID: 92344a5887d331823e2f8771f89497a19ecb1cd1b9f5b253d1832f3f186eb9b9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b49246553786306b50dd6dc612e1d4f988b3be84251c60a258ac4ce42bf04a05
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C9216F62B0A68291EB50AB1AE5047AE63A0EB857C8F5C0031DF4C4BBAEDF6DD5418741
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_maxfragmentlen
                                                                                                                                                                                                                        • API String ID: 193678381-2570358037
                                                                                                                                                                                                                        • Opcode ID: e764bcf132bf6faa665165a84e2b9699e2ee4015a3bf704b29aa579b509d1a60
                                                                                                                                                                                                                        • Instruction ID: 673a06b6c2391de46d8e88f5fded9a60bb2ca5f41c68d8650b775b5d3c761675
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e764bcf132bf6faa665165a84e2b9699e2ee4015a3bf704b29aa579b509d1a60
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E2117F11B0E64392F790B666F9157F90250AB88780F8C0031EF5E47BEBDE2EE5814700
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_server_name
                                                                                                                                                                                                                        • API String ID: 193678381-1140354471
                                                                                                                                                                                                                        • Opcode ID: 3a756125b3207988a74fb8d1924fecf43250ba1ea85abce27b618cecaadc4e08
                                                                                                                                                                                                                        • Instruction ID: 2f789bf88f0c28f7a7c85ee9eda8022bb42ab204d72f4c02942e13aebe8e957b
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3a756125b3207988a74fb8d1924fecf43250ba1ea85abce27b618cecaadc4e08
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D111B161B0E54291FB90B61AE5587B92260EB88788F5C4031EF0D877FADE2DD8818701
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_psk
                                                                                                                                                                                                                        • API String ID: 0-812599056
                                                                                                                                                                                                                        • Opcode ID: 7759dbcdb6dcc623fed96bae2ebdba9b6fa5abd33760e9c0f9445c232100274e
                                                                                                                                                                                                                        • Instruction ID: bc024f1e7d35b3586920c3fc1009619fee13eabb6d4ad8c46ad043dcc0f5ebc9
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7759dbcdb6dcc623fed96bae2ebdba9b6fa5abd33760e9c0f9445c232100274e
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05115111B0E54351FBA0B616EA457B94251AF847C4F4C1031EF4E4BBEFEE6DE9958700
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_npn
                                                                                                                                                                                                                        • API String ID: 193678381-1466421906
                                                                                                                                                                                                                        • Opcode ID: ca60bd79b367bb239acf6a12d06c5c3f72bd0eef479d844c24f4d8bde26a15bd
                                                                                                                                                                                                                        • Instruction ID: 2eaa920019896c7956ba1c39aaa70eea191dac5e2b9656b6128f5108d2205247
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ca60bd79b367bb239acf6a12d06c5c3f72bd0eef479d844c24f4d8bde26a15bd
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 87115E11B1A58281FBA0A716E5897BD1250EB85BC4F5C4031EB4D4ABFBDF2DE9828700
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_session_ticket
                                                                                                                                                                                                                        • API String ID: 193678381-585220546
                                                                                                                                                                                                                        • Opcode ID: 08531af34148c9eb46279d5b5725f194c4b74fa605b4ccc2fe9728b145e0cd5b
                                                                                                                                                                                                                        • Instruction ID: c85a182006079316cb1ea601bf5e4b9ed6cb2e994eca00d05d09c05050bcc8a0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08531af34148c9eb46279d5b5725f194c4b74fa605b4ccc2fe9728b145e0cd5b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 39117C10F1A54351F790B726EA167BA56509F847C4F4C4030EB4E4BFEBDE2DD9828701
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_construct_ctos_ems
                                                                                                                                                                                                                        • API String ID: 0-3344448950
                                                                                                                                                                                                                        • Opcode ID: 048f3258da17d452128b3dfe0fcc02fbe07d7544ed73dbfa607138d2c96df71b
                                                                                                                                                                                                                        • Instruction ID: 5371ab3c2a04ea477e56cdd42c97e0d5f264f3151a5027f15f3b523b6dbf5274
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 048f3258da17d452128b3dfe0fcc02fbe07d7544ed73dbfa607138d2c96df71b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EF014C11B1E58241F790B766EA457BA0151AF887C4F4C5031EF5E4BBEFDE6DD9828B00
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$tls_post_process_client_key_exchange
                                                                                                                                                                                                                        • API String ID: 193678381-3756838607
                                                                                                                                                                                                                        • Opcode ID: 4a84cbd147b1bea7423760b5dee6167f430bcb53616c76c17688b1a55df6592b
                                                                                                                                                                                                                        • Instruction ID: 0354ce3dce01c6dad6db1644b70d4104479aeb4e5923598f0eeefcc8e1267a4e
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4a84cbd147b1bea7423760b5dee6167f430bcb53616c76c17688b1a55df6592b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB012C61F0B54792F760B665D84A7B91291AF50704F9C5032E60E867FADF2DEAC2C201
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$ossl_statem_server_write_transition
                                                                                                                                                                                                                        • API String ID: 0-415349073
                                                                                                                                                                                                                        • Opcode ID: 12f49911946bf1d0b5f81ba942b7627f5eabe78301388d9eddc08d01160e5485
                                                                                                                                                                                                                        • Instruction ID: 68865a6d6637ec37341c61c505f361b689be9476f5dad4457b1d91eb27f71fde
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 12f49911946bf1d0b5f81ba942b7627f5eabe78301388d9eddc08d01160e5485
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AD015221F0A64282E650F715D895BB91361EB84744F9C4032DB8E877F9CE6DE9918600
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_cert_status_body
                                                                                                                                                                                                                        • API String ID: 193678381-3528029177
                                                                                                                                                                                                                        • Opcode ID: 395af32739d9e1388a7ace2919e8de19fd8d20465216ca2341515999ba12ecb2
                                                                                                                                                                                                                        • Instruction ID: e00ac4e6db2691ee24241dc35a99e809c5fda09747900d5f4be4c0b7a4e7a1e1
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 395af32739d9e1388a7ace2919e8de19fd8d20465216ca2341515999ba12ecb2
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B012111B1D58341E790B722E951BB95251AF49BC4F8C5032EE4E4BBEEDE1DE5418701
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_srvr.c$tls_construct_cert_status_body
                                                                                                                                                                                                                        • API String ID: 193678381-3528029177
                                                                                                                                                                                                                        • Opcode ID: 99f175a475ec9a6eeaaffc58756a06ec8e5023f8386e2d2f363bd87b13919105
                                                                                                                                                                                                                        • Instruction ID: 28cb10b21e0421625488867b2c20fa1733df285d2cdfd88488b04d5d5c51f33a
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 99f175a475ec9a6eeaaffc58756a06ec8e5023f8386e2d2f363bd87b13919105
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 98017111B0D64380E790B762E951BB90251AF49BC4F4C4032EE4E4BBEEDE2CE5414701
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_dtls.c$dtls_construct_change_cipher_spec
                                                                                                                                                                                                                        • API String ID: 193678381-1275380453
                                                                                                                                                                                                                        • Opcode ID: 254602fa7f9aaf40a0749e1469b7e9d5cbb37dcb27711609f64ad99960dd814c
                                                                                                                                                                                                                        • Instruction ID: 5ddb4d7cbf4c0c85d487db61a1c843a859d55e1a06d4d65d94d38a56d1bd77d3
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 254602fa7f9aaf40a0749e1469b7e9d5cbb37dcb27711609f64ad99960dd814c
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C201AF61F0A64282F791B762D805BF91251DB54B84F5C4035EB0E47BFAEE2CDA829744
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_key_update
                                                                                                                                                                                                                        • API String ID: 193678381-4067644432
                                                                                                                                                                                                                        • Opcode ID: 138e952d67f0d8496627a1e06e2675a1371a5c3899aaae53eeec790f21ecf91b
                                                                                                                                                                                                                        • Instruction ID: c4e5e387b434da8115393f50ae66cc97725a6285687e4e179e58ad73a7a95ba7
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 138e952d67f0d8496627a1e06e2675a1371a5c3899aaae53eeec790f21ecf91b
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 30F0BE60F1A54381F760B7A2DC057F912118F48794F9C4032EF0E47BEADE2CEA814700
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_post_process_message
                                                                                                                                                                                                                        • API String ID: 193678381-2213881910
                                                                                                                                                                                                                        • Opcode ID: 4c773837d34b23d9a7d58184146fd460342b2a23f40ca10563147253055a7161
                                                                                                                                                                                                                        • Instruction ID: 4e793b9c344b01dbf7b5e6d149cd77de3285e069475cb1501496b2c61a135db0
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c773837d34b23d9a7d58184146fd460342b2a23f40ca10563147253055a7161
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5EF05E51F0A58382F2A472769C56AB912508F49360FAC1531DB1E867FEDE1CE9C28644
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug$E_freeL_sk_newL_sk_pop_freeX509_
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions.c$tls_parse_certificate_authorities
                                                                                                                                                                                                                        • API String ID: 1675703442-3901154960
                                                                                                                                                                                                                        • Opcode ID: d4e0d47f77b1be12c32fda952df109ae2cdee76b89f9154ad2431fea73d07368
                                                                                                                                                                                                                        • Instruction ID: 9c4150a31574dea14deacdc975e625f08b3bd545400be0dab793bad299b695cf
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4e0d47f77b1be12c32fda952df109ae2cdee76b89f9154ad2431fea73d07368
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 05F06D51B1A54281F790B762EA45BB90250EF88780F8C4032FB0D43BEEDE6CD9818600
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_lib.c$tls_construct_change_cipher_spec
                                                                                                                                                                                                                        • API String ID: 193678381-1954653785
                                                                                                                                                                                                                        • Opcode ID: a9be51a01c3652386abb84d9994b4af6f744186c9274d9ad8e31f4f763b094e0
                                                                                                                                                                                                                        • Instruction ID: a3e86183fcd0483a1f8c5f196f26687dec6ad529ce0a57684f88f553ca337e40
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9be51a01c3652386abb84d9994b4af6f744186c9274d9ad8e31f4f763b094e0
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BFF0A790F1E10382F76073729C117F500508F88344F8C5032DE4E87BEADD1DE9819740
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_ems
                                                                                                                                                                                                                        • API String ID: 193678381-2230499117
                                                                                                                                                                                                                        • Opcode ID: 40383d9dc9a211c0e3bc815762f8c47ae45f3e812da2e9cb2774085a22dc3526
                                                                                                                                                                                                                        • Instruction ID: 86a49bc7fce7a4012b7de96260e62e7e3e7a64c51f908109b984f183da8d7f60
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 40383d9dc9a211c0e3bc815762f8c47ae45f3e812da2e9cb2774085a22dc3526
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6DF05E51F0B28242F761B3A5E8097F81650AF41744F9C4031DB4D467EACEADAAD68710
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_post_handshake_auth
                                                                                                                                                                                                                        • API String ID: 193678381-3813554763
                                                                                                                                                                                                                        • Opcode ID: fee3c1a5604e3d5cc243adb8ac3de28de8753b4bdae1e68e2e27c393d7309d71
                                                                                                                                                                                                                        • Instruction ID: 4053d439b2fdbbaf86a80d1344d1a659cebf420026809201cf1ffe90de733370
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fee3c1a5604e3d5cc243adb8ac3de28de8753b4bdae1e68e2e27c393d7309d71
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3F039A1F0B14382F752B761E90A7F91250AF44380F9C4031D70D4ABEADF6DAAD68714
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_write_bytes
                                                                                                                                                                                                                        • API String ID: 193678381-176253594
                                                                                                                                                                                                                        • Opcode ID: 89efe415d6ae44591e5680b8fb54df7339c0374d479e27776c2cfbebc19d6f29
                                                                                                                                                                                                                        • Instruction ID: 82fd92afaeb00a77f412d0ae90b543219efb1b3ccdf539f459cdc409e2c421fc
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89efe415d6ae44591e5680b8fb54df7339c0374d479e27776c2cfbebc19d6f29
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6F03722B0E58281F661F761F8657FA12105BC5375F8C0137DF5D067EA8E3CE5868741
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_newR_set_debug
                                                                                                                                                                                                                        • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client13_write_transition
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
• Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
• Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: B_exCalc_D_priv_bytes_exL_cleanseN_bin2bn
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: X_free$DigestInit_exX_new
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: R_new$L_sk_new_nullL_sk_push
                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Time$System$File
                                                                                                                                                                                                                        • String ID: gfff
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: O_indentO_printf
                                                                                                                                                                                                                        • String ID: %s (%d)
                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                        • Source File: 00000001.00000002.2967850035.00007FFE00761000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE00760000, based on PE: true
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967619645.00007FFE00760000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2967850035.00007FFE007E3000.00000020.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968240908.00007FFE007E5000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968288375.00007FFE0080D000.00000004.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00812000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00818000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        • Associated: 00000001.00000002.2968311398.00007FFE00820000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                        • Snapshot File: hcaresult_1_2_7ffe00760000_ihost.jbxd
                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                        • API ID: Time$System$File
                                                                                                                                                                                                                        • String ID: gfff
                                                                                                                                                                                                                        • API String ID: 2838179519-1553575800
                                                                                                                                                                                                                        • Opcode ID: e25ff0695230b9ef20f6353c867282db066572866cf8b2610bfc2824b0035600
                                                                                                                                                                                                                        • Instruction ID: 4cb634d17ec5878905c712a010fcb8a5275d36f1ee264cda97eb68c5de2cae24
                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e25ff0695230b9ef20f6353c867282db066572866cf8b2610bfc2824b0035600
                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8301DBE2B14A8582DF50DB25F8051956794FBCC784B449032E74EC7769EE3CD2058700