Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1574552
MD5:3bdc36e2200bc628897c8793258ebc6e
SHA1:29d5df5a5edf6f320b21c4d68a87d5d1b8972326
SHA256:333eaf5f70f47462a5cf35bf52f636f64a2e9380565b87ca2243c9fdb4f8f91c
Tags: exe, user-Bitsight
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious sample
Contains functionality to infect the boot sector
Hides threads from debuggers
Binary contains a suspicious time stamp
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider

Classification

  • System is w10x64
  • file.exe (PID: 4996 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 3BDC36E2200BC628897C8793258EBC6E)
    • file.exe (PID: 4916 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 3BDC36E2200BC628897C8793258EBC6E)
      • cmd.exe (PID: 2020 cmdline: C:\Windows\system32\cmd.exe /c "ver" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 5720 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: Submitted Sample, Integrated Neural Analysis Model: Matched 99.9% probability
Source: C:\Users\user\Desktop\file.exe, Code function: 1_2_70A37D40 CryptAcquireContextA,CryptAcquireContextA,CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,clock,clock,clock,clock,CryptReleaseContext,1_2_70A37D40
Source: C:\Users\user\Desktop\file.exe, File created: C:\Users\user\AppData\Local\Temp\_MEI49962\wheel-0.43.0.dist-info\LICENSE.txt
Source: file.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\sqlite3.pdb source: file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: file.exe, 00000001.00000002.1862280559.00007FFE01405000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32ui.pdb source: win32ui.cp310-win_amd64.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000001.00000002.1859366702.00007FFDFB34F000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\python3.pdb source: file.exe, 00000000.00000003.1765454943.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1849688536.000001EC114B0000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: file.exe, 00000001.00000002.1867859746.00007FFE132E0000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32api.pdb source: file.exe, 00000001.00000002.1866215844.00007FFE11512000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: file.exe, 00000000.00000003.1752768690.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1867239203.00007FFE130C3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_sqlite3.pdb source: file.exe, 00000001.00000002.1862016629.00007FFE012FC000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_overlapped.pdb source: file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: file.exe, 00000001.00000002.1860068569.00007FFDFB783000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: file.exe, 00000001.00000002.1859366702.00007FFDFB34F000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: file.exe, 00000000.00000003.1751847294.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1866416167.00007FFE11EBC000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_asyncio.pdb source: file.exe, 00000000.00000003.1750825865.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: file.exe, 00000000.00000003.1751847294.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1866416167.00007FFE11EBC000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_multiprocessing.pdb source: file.exe, 00000000.00000003.1752000434.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32trace.pdb source: file.exe, 00000000.00000003.1769531746.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, win32trace.cp310-win_amd64.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: file.exe, 00000000.00000003.1767921927.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1867670965.00007FFE132C3000.00000002.00000001.01000000.0000000A.sdmp, select.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb( source: file.exe, 00000001.00000002.1866851573.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: file.exe, 00000000.00000003.1768977359.0000023A0CD90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1861531769.00007FFDFF2FC000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pythoncom.pdb source: file.exe, 00000001.00000002.1862561905.00007FFE01486000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: file.exe, 00000001.00000002.1862280559.00007FFE01405000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32ui.pdbO source: win32ui.cp310-win_amd64.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: file.exe, 00000000.00000003.1752851903.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1867462455.00007FFE13208000.00000002.00000001.01000000.00000009.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: file.exe, 00000001.00000002.1864815139.00007FFE0EB4D000.00000002.00000001.01000000.00000014.sdmp, _ssl.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb source: file.exe, 00000001.00000002.1866851573.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: file.exe, 00000000.00000003.1750711319.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1868262925.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\_win32sysloader.pdb source: file.exe, 00000000.00000003.1753700546.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: file.exe, 00000000.00000003.1750914173.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1866610372.00007FFE11EDD000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: file.exe, 00000000.00000003.1751703931.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1867083391.00007FFE12E16000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pythoncom.pdbz) source: file.exe, 00000001.00000002.1862561905.00007FFE01486000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: file.exe, 00000001.00000002.1859366702.00007FFDFB3D1000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\pyexpat.pdb source: file.exe, 00000001.00000002.1865484507.00007FFE10252000.00000002.00000001.01000000.00000010.sdmp, pyexpat.pyd.0.dr
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF7227F1DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7227F1DAC
Source: C:\Users\user\Desktop\file.exe, Code function: 0_2_00007FF7227FC06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,0_2_00007FF7227FC06C
Source: C:\Users\user\Desktop\file.exe, Code function: 1_2_00007FF7227FC06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,1_2_00007FF7227FC06C
Source: C:\Users\user\Desktop\file.exe, Code function: 1_2_00007FF7227F1DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF7227F1DAC
Source: C:\Users\user\Desktop\file.exe, Code function: 4x nop then push rbp, 1_2_70A2B990
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: xxxs.mediafirex.site
Source: file.exe, 00000001.00000002.1855641430.000001EC13044000.00000004.00001000.00020000.00000000.sdmp, String found in binary or memory: http://.../back.jpeg
Source: file.exe, 00000001.00000002.1851478507.000001EC1207F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839522105.000001EC12068000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840752953.000001EC1206F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835110157.000001EC12067000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839609540.000001EC1206C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: file.exe, 00000001.00000003.1842022343.000001EC125E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832169267.000001EC125E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839679752.000001EC125E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844291418.000001EC125E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: file.exe, 00000001.00000002.1851478507.000001EC1207F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839522105.000001EC12068000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840752953.000001EC1206F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835110157.000001EC12067000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839609540.000001EC1206C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crlN
Source: file.exe, 00000000.00000003.1756762214.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: file.exe, 00000001.00000002.1851478507.000001EC1207F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839522105.000001EC12068000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840752953.000001EC1206F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835110157.000001EC12067000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839609540.000001EC1206C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: file.exe, 00000001.00000002.1851478507.000001EC1207F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839522105.000001EC12068000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840752953.000001EC1206F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835110157.000001EC12067000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839609540.000001EC1206C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl&
Source: file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836313550.000001EC1203D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: file.exe, 00000000.00000003.1766018300.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1753501490.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752851903.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768977359.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751397698.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750825865.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1767921927.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752768690.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751847294.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.dr, _ssl.pyd.0.dr, pyexpat.pyd.0.dr, _ctypes.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: file.exe, 00000000.00000003.1756762214.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: file.exe, 00000000.00000003.1755171197.0000023A0CD93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: file.exe, 00000000.00000003.1752000434.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751703931.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1765152641.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750914173.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752987988.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1765454943.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768326304.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768977359.0000023A0CD90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751551763.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1766018300.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1753501490.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752851903.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768977359.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751397698.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750825865.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1767921927.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1752768690.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: file.exe, 00000000.00000003.1752000434.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751703931.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1765152641.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750914173.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752987988.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1765454943.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768326304.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751551763.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1766018300.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1753501490.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752851903.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768977359.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751397698.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750825865.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1767921927.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752768690.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751847294.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.dr, _decimal.pyd.0.dr, _socket.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
Source: _ctypes.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: file.exe, 00000000.00000003.1756762214.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: file.exe, 00000000.00000003.1755171197.0000023A0CD93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: file.exe, 00000000.00000003.1766018300.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.dig
Source: file.exe, 00000000.00000003.1755171197.0000023A0CD93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1756762214.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: file.exe, 00000000.00000003.1752000434.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751703931.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1765152641.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750914173.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752987988.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1765454943.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768326304.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768977359.0000023A0CD90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751551763.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1766018300.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1753501490.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752851903.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768977359.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751397698.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750825865.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1767921927.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
00000000.00000003.1752768690.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: file.exe, 00000000.00000003.1756762214.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: file.exe, 00000000.00000003.1755171197.0000023A0CD93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: file.exe, 00000001.00000003.1811552982.000001EC12595000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833246529.000001EC1263B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839214907.000001EC1254D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846335124.000001EC12589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852535528.000001EC1259F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846309723.000001EC12586000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846380614.000001EC1259E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840384000.000001EC1254E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1841397328.000001EC1263C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834150774.000001EC1254A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846359134.000001EC12598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1838494605.000001EC1263B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830742530.000001EC12637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845475557.000001EC1263C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: file.exe, 00000001.00000003.1833822101.000001EC120D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852271788.000001EC12501000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832562019.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1842511364.000001EC12500000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1843090601.000001EC120D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC120A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830994027.000001EC120CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839416253.000001EC124F7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845217047.000001EC120E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: file.exe, 00000001.00000003.1833246529.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852954267.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845475557.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846401206.000001EC121CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1848011939.000001EC121D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831070704.000001EC1219E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834525576.000001EC121BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1841397328.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830948949.000001EC12156000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1838494605.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839330012.000001EC121BE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830742530.000001EC126B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: file.exe, 00000001.00000003.1833246529.000001EC1263B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846124367.000001EC11C6B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1855272530.000001EC12C60000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844602243.000001EC11C68000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852271788.000001EC124FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844542236.000001EC11C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1855367155.000001EC12D60000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1855143201.000001EC12A60000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832562019.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845815938.000001EC124FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845217047.000001EC120F7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1841397328.000001EC1263C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1854709330.000001EC12860000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844974268.000001EC1264D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1854981584.000001EC12960000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832236944.000001EC11C5F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC120A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
00000001.00000003.1845277442.000001EC11C6B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: file.exe, 00000001.00000002.1855641430.000001EC13044000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: file.exe, 00000001.00000002.1852150697.000001EC12360000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC121A9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: file.exe, 00000001.00000002.1852150697.000001EC12360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
Source: file.exe, 00000001.00000002.1852150697.000001EC12360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
Source: file.exe, 00000001.00000002.1855272530.000001EC12C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://goo.gl/zeJZl.
Source: file.exe, 00000001.00000002.1852271788.000001EC124FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832562019.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845815938.000001EC124FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844386147.000001EC124F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839416253.000001EC124F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: file.exe, 00000001.00000003.1840099817.000001EC12044000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836313550.000001EC1203D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: file.exe, 00000001.00000003.1833031337.000001EC0FBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831358486.000001EC0FBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1838335220.000001EC0FBE0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830627391.000001EC0FBD9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840638039.000001EC0FBE7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1837620585.000001EC0FBE8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: file.exe, 00000001.00000003.1841397328.000001EC126C5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://json.org
Source: file.exe, 00000001.00000002.1855272530.000001EC12C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://mail.python.org/pipermail/python-dev/2012-June/120787.html.
Source: file.exe, 00000001.00000003.1836270918.000001EC12857000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831692262.000001EC12830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833635408.000001EC12833000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: file.exe, 00000001.00000003.1831692262.000001EC12830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833635408.000001EC12833000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836566491.000001EC12850000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
Source: file.exe, 00000000.00000003.1752000434.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751703931.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1765152641.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750914173.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752987988.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1765454943.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768326304.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768977359.0000023A0CD90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751551763.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1766018300.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1753501490.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752851903.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1768977359.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1751397698.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1750825865.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1767921927.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
Source: file.exe, 00000001.00000002.1854709330.000001EC12860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/packagingEI49962
Source: file.exe, 00000000.00000003.1773492528.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pypa/wheel
Source: file.exe, 00000000.00000003.1773492528.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/pypa/wheel/issues
Source: file.exe, 00000001.00000002.1849802401.000001EC11928000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: file.exe, 00000001.00000003.1784539618.000001EC0FBBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: file.exe, 00000001.00000003.1784460658.000001EC0FBB2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1849448230.000001EC0FBC3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1848311619.000001EC0FBBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1784352063.000001EC0FBB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831512395.000001EC0FBAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835164526.000001EC0FBBB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1784539618.000001EC0FBBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: file.exe, 00000001.00000003.1784460658.000001EC0FBB2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1849448230.000001EC0FBC3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1848311619.000001EC0FBBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1784352063.000001EC0FBB6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831512395.000001EC0FBAA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835164526.000001EC0FBBB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1784539618.000001EC0FBBB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: file.exe, 00000001.00000002.1855272530.000001EC12C60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: file.exe, 00000001.00000003.1841944836.000001EC121D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1848011939.000001EC121D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1851983942.000001EC121D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830823235.000001EC121D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: file.exe, 00000001.00000002.1855143201.000001EC12A60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: file.exe, 00000001.00000002.1855488631.000001EC12F78000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: file.exe, 00000001.00000002.1855488631.000001EC12F78000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/32900
Source: file.exe, 00000001.00000003.1839679752.000001EC125E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832236944.000001EC11C5F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839271117.000001EC125DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831861492.000001EC11C3E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844291418.000001EC125E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: file.exe, 00000001.00000003.1842022343.000001EC125E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834734606.000001EC125DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832169267.000001EC125E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839679752.000001EC125E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839271117.000001EC125DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844291418.000001EC125E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: file.exe, 00000001.00000003.1830627391.000001EC0FBD9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: file.exe, 00000001.00000003.1844862679.000001EC12045000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840099817.000001EC12044000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1842320005.000001EC12045000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836313550.000001EC1203D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845167260.000001EC12048000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: file.exe, 00000001.00000003.1831861492.000001EC11C3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: file.exe, 00000001.00000002.1855641430.000001EC13044000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: file.exe, 00000001.00000003.1811552982.000001EC12595000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839214907.000001EC1254D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846335124.000001EC12589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846309723.000001EC12586000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846380614.000001EC1259E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840384000.000001EC1254E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834150774.000001EC1254A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846359134.000001EC12598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: METADATA.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: file.exe, 00000001.00000003.1834991278.000001EC121A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1792807364.000001EC124F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC121A9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831070704.000001EC1219E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC1218D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1792807364.000001EC1250A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1806832256.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830948949.000001EC12156000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793859180.000001EC121B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: file.exe, 00000001.00000002.1855367155.000001EC12D60000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.1855143201.000001EC12A60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/importlib_metadata
Source: file.exe, 00000000.00000003.1773492528.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://pypi.org/project/setuptools/
Source: file.exe, 00000001.00000002.1860068569.00007FFDFB783000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://python.org/dev/peps/pep-0263/
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: file.exe, 00000001.00000002.1852150697.000001EC12360000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: file.exe, 00000001.00000002.1855793850.000001EC131C8000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1848011939.000001EC121D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840384000.000001EC1254E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1851983942.000001EC121D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1854981584.000001EC12960000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834150774.000001EC1254A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846359134.000001EC12598000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830823235.000001EC121D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: file.exe, 00000001.00000003.1789652054.000001EC120B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1788031501.000001EC12139000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1787713100.000001EC12139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: file.exe, 00000001.00000003.1788363881.000001EC12156000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1791946571.000001EC12150000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833849468.000001EC12158000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1787713100.000001EC120E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1788031501.000001EC12139000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1788556116.000001EC12156000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1787713100.000001EC12139000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1806832256.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830948949.000001EC12156000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831915037.000001EC12157000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: file.exe, 00000001.00000002.1851124501.000001EC11EE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: file.exe, 00000001.00000003.1787713100.000001EC120E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1788031501.000001EC12139000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1787713100.000001EC12139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:
Source: file.exe, 00000001.00000003.1787713100.000001EC120E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1788031501.000001EC12139000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1787713100.000001EC12139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
Source: file.exe, 00000001.00000002.1851407100.000001EC12040000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1855488631.000001EC12F78000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000003.1841739255.000001EC12040000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836313550.000001EC1203D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/questions/4457745#4457745.
Source: file.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: file.exe, 00000001.00000003.1845167260.000001EC1205D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1841206853.000001EC12059000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836313550.000001EC1203D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1843245005.000001EC12059000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839949374.000001EC12058000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846033168.000001EC1205D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: file.exe, 00000001.00000003.1833822101.000001EC120D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852271788.000001EC12501000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832562019.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1842511364.000001EC12500000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1843090601.000001EC120D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC120A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830994027.000001EC120CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839416253.000001EC124F7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845217047.000001EC120E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: file.exe, 00000001.00000003.1811552982.000001EC12595000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833246529.000001EC1263B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839214907.000001EC1254D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840273649.000001EC125A9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1841397328.000001EC1263C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834150774.000001EC1254A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1838494605.000001EC1263B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830742530.000001EC12637000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845475557.000001EC1263C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: file.exe, 00000001.00000003.1844542236.000001EC11C61000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1842022343.000001EC125E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852764434.000001EC125E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832169267.000001EC125E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839679752.000001EC125E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832236944.000001EC11C5F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831861492.000001EC11C3E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: file.exe, 00000001.00000002.1855143201.000001EC12A60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: file.exe, 00000001.00000002.1855143201.000001EC12A60000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy0
Source: file.exe, 00000001.00000002.1855488631.000001EC12F78000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: file.exe, 00000001.00000002.1855488631.000001EC12F78000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warningsj
Source: METADATA0.0.drString found in binary or memory: https://wheel.readthedocs.io/
Source: file.exe, 00000000.00000003.1773492528.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: file.exe, 00000001.00000003.1842692540.000001EC12148000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1791227817.000001EC12532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1791227817.000001EC124F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1842221148.000001EC12147000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846763122.000001EC1214B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1792807364.000001EC12532000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833079587.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830994027.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1806832256.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834469423.000001EC12146000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: file.exe, 00000000.00000003.1755171197.0000023A0CD93000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1755171197.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1756762214.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000001.00000002.1851202423.000001EC11FE0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1862333911.00007FFE0143A000.00000002.00000001.01000000.00000015.sdmp, file.exe, 00000001.00000002.1859754680.00007FFDFB447000.00000002.00000001.01000000.00000013.sdmpString found in binary or memory: https://www.openssl.org/H
Source: file.exe, 00000001.00000003.1811552982.000001EC12595000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839214907.000001EC1254D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846335124.000001EC12589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846309723.000001EC12586000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846380614.000001EC1259E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840384000.000001EC1254E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834150774.000001EC1254A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846359134.000001EC12598000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: file.exe, 00000001.00000003.1834991278.000001EC121A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1792807364.000001EC124F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC121A9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831070704.000001EC1219E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC1218D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1792807364.000001EC1250A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1806832256.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830948949.000001EC12156000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793859180.000001EC121B2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: file.exe, 00000000.00000003.1770288243.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1851124501.000001EC11EE0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0205/
Source: file.exe, 00000000.00000003.1773492528.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: file.exe, 00000001.00000002.1849802401.000001EC118A0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834734606.000001EC125DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839271117.000001EC125DE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: file.exe, 00000001.00000003.1836031005.000001EC132AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835808413.000001EC1329E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: file.exe, 00000001.00000002.1856445233.000001EC132B0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836031005.000001EC132AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835808413.000001EC1329E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: file.exe, 00000001.00000003.1836031005.000001EC132AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835808413.000001EC1329E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/r
Source: file.exe, 00000001.00000002.1855793850.000001EC131E8000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852031978.000001EC121E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xxxs.mediafirex.site/obtenciondeplaticaxxxxmiakhalifa
Source: file.exe, 00000001.00000002.1855793850.000001EC131E8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://xxxs.mediafirex.site/obtenciondeplaticaxxxxmiakhalifaP
Source: file.exe, 00000001.00000003.1839214907.000001EC1254D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1806612354.000001EC12541000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840384000.000001EC1254E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1805317062.000001EC1254E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834150774.000001EC1254A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852355089.000001EC1254E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xxxs.mediafirex.site/obtenciondeplaticaxxxxmiakhalifaz
Source: file.exe, 00000001.00000003.1842022343.000001EC125E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834734606.000001EC125DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832169267.000001EC125E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839679752.000001EC125E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839271117.000001EC125DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844291418.000001EC125E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,1_2_70A708E0
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_70A22B90: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy,1_2_70A22B90
Source: _overlapped.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.dr Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _pytransform.dll.0.dr Static PE information: Number of sections : 11 > 10
Source: python3.dll.0.dr Static PE information: No import functions for PE file found
Source: file.exe, 00000000.00000003.1769531746.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.cp310-win_amd64.pyd0 vs file.exe
Source: file.exe, 00000000.00000003.1767067637.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepythoncom310.dll0 vs file.exe
Source: file.exe, 00000000.00000003.1752000434.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1767295623.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs file.exe
Source: file.exe, 00000000.00000003.1751703931.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1765152641.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1750711319.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs file.exe
Source: file.exe, 00000000.00000003.1750914173.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1752987988.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1769375745.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32api.cp310-win_amd64.pyd0 vs file.exe
Source: file.exe, 00000000.00000003.1765454943.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs file.exe
Source: file.exe, 00000000.00000003.1768326304.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs file.exe
Source: file.exe, 00000000.00000003.1768977359.0000023A0CD90000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1757493605.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs file.exe
Source: file.exe, 00000000.00000003.1769531746.0000023A0CD95000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32trace.cp310-win_amd64.pyd0 vs file.exe
Source: file.exe, 00000000.00000003.1751551763.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1769729637.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewin32ui.cp310-win_amd64.pyd0 vs file.exe
Source: file.exe, 00000000.00000003.1753501490.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1752851903.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1753700546.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_win32sysloader.cp310-win_amd64.pyd0 vs file.exe
Source: file.exe, 00000000.00000003.1751397698.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1750825865.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1767921927.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1752768690.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs file.exe
Source: file.exe, 00000000.00000003.1751847294.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs file.exe
Source: file.exeBinary or memory string: OriginalFilename vs file.exe
Source: file.exe, 00000001.00000002.1868018024.00007FFE132EB000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1866291594.00007FFE11524000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamewin32api.cp310-win_amd64.pyd0 vs file.exe
Source: file.exe, 00000001.00000002.1862055757.00007FFE01306000.00000002.00000001.01000000.0000002F.sdmpBinary or memory string: OriginalFilename_sqlite3.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1867519456.00007FFE13212000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1867738554.00007FFE132C6000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1849688536.000001EC114B0000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs file.exe
Source: file.exe, 00000001.00000002.1865231304.00007FFE0EB65000.00000002.00000001.01000000.00000014.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1868350749.00007FFE1A467000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs file.exe
Source: file.exe, 00000001.00000002.1862333911.00007FFE0143A000.00000002.00000001.01000000.00000015.sdmpBinary or memory string: OriginalFilenamelibsslH vs file.exe
Source: file.exe, 00000001.00000002.1862783944.00007FFE014D4000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilenamepythoncom310.dll0 vs file.exe
Source: file.exe, 00000001.00000002.1866501725.00007FFE11EC5000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1860872399.00007FFDFB8A0000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython310.dll. vs file.exe
Source: file.exe, 00000001.00000002.1867132335.00007FFE12E1D000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1866032855.00007FFE1025D000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1867345302.00007FFE130C6000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1866712328.00007FFE11EE2000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1861857450.00007FFDFF301000.00000002.00000001.01000000.0000002D.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs file.exe
Source: file.exe, 00000001.00000002.1866940998.00007FFE126F6000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilenamepywintypes310.dll0 vs file.exe
Source: file.exe, 00000001.00000002.1861414596.00007FFDFBAB3000.00000002.00000001.01000000.00000030.sdmpBinary or memory string: OriginalFilenamesqlite3.dll0 vs file.exe
Source: file.exe, 00000001.00000002.1859754680.00007FFDFB447000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs file.exe
Source: classification engine Classification label: mal52.evad.winEXE@6/89@1/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227E6FA0 GetLastError,FormatMessageW,WideCharToMultiByte,0_2_00007FF7227E6FA0
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5720:120:WilError_03
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\_MEI49962
Source: file.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmpBinary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmpBinary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmpBinary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: file.exe, file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmpBinary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmpBinary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmpBinary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: libffi-7.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: secur32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: netutils.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: libcrypto-1_1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: libssl-1_1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: powrprof.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: pdh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: umpdc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wtsapi32.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sxs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sqlite3.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{172BDDF8-CEEA-11D1-8B05-00600806D9B6}\InProcServer32Jump to behavior
Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\Desktop\pyvenv.cfgJump to behavior
Source: file.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: file.exeStatic file information: File size 73234407 > 1048576
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: file.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\sqlite3.pdb source: file.exe, 00000001.00000002.1861258775.00007FFDFBA82000.00000002.00000001.01000000.00000030.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb source: file.exe, 00000001.00000002.1862280559.00007FFE01405000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32ui.pdb source: win32ui.cp310-win_amd64.pyd.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASM source: file.exe, 00000001.00000002.1859366702.00007FFDFB34F000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\python3.pdb source: file.exe, 00000000.00000003.1765454943.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1849688536.000001EC114B0000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_ctypes.pdb source: file.exe, 00000001.00000002.1867859746.00007FFE132E0000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32api.pdb source: file.exe, 00000001.00000002.1866215844.00007FFE11512000.00000002.00000001.01000000.0000000E.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_queue.pdb source: file.exe, 00000000.00000003.1752768690.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1867239203.00007FFE130C3000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_sqlite3.pdb source: file.exe, 00000001.00000002.1862016629.00007FFE012FC000.00000002.00000001.01000000.0000002F.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_overlapped.pdb source: file.exe, 00000000.00000003.1752096401.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\python310.pdb source: file.exe, 00000001.00000002.1860068569.00007FFDFB783000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -DOPENSSL_CPUID_OBJ -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DKECCAK1600_ASM -DRC4_ASM -DMD5_ASM -DAESNI_ASM -DVPAES_ASM -DGHASH_ASM -DECP_NISTZ256_ASM -DX25519_ASM -DPOLY1305_ASMOpenSSL 1.1.1n 15 Mar 2022built on: Tue Mar 15 18:32:50 2022 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-1_1"not available source: file.exe, 00000001.00000002.1859366702.00007FFDFB34F000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: mfc140u.amd64.pdb source: mfc140u.dll.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdbNN source: file.exe, 00000000.00000003.1751847294.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1866416167.00007FFE11EBC000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_asyncio.pdb source: file.exe, 00000000.00000003.1750825865.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_lzma.pdb source: file.exe, 00000000.00000003.1751847294.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1866416167.00007FFE11EBC000.00000002.00000001.01000000.0000000D.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_multiprocessing.pdb source: file.exe, 00000000.00000003.1752000434.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: mfc140u.amd64.pdbGCTL source: mfc140u.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32trace.pdb source: file.exe, 00000000.00000003.1769531746.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, win32trace.cp310-win_amd64.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\select.pdb source: file.exe, 00000000.00000003.1767921927.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1867670965.00007FFE132C3000.00000002.00000001.01000000.0000000A.sdmp, select.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb( source: file.exe, 00000001.00000002.1866851573.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\unicodedata.pdb source: file.exe, 00000000.00000003.1768977359.0000023A0CD90000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1861531769.00007FFDFF2FC000.00000002.00000001.01000000.0000002D.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pythoncom.pdb source: file.exe, 00000001.00000002.1862561905.00007FFE01486000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\_w\1\b\libssl-1_1.pdb@@ source: file.exe, 00000001.00000002.1862280559.00007FFE01405000.00000002.00000001.01000000.00000015.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\win32ui.pdbO source: win32ui.cp310-win_amd64.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_socket.pdb source: file.exe, 00000000.00000003.1752851903.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1867462455.00007FFE13208000.00000002.00000001.01000000.00000009.sdmp, _socket.pyd.0.dr
Source: Binary string: C:\A\40\b\bin\amd64\_ssl.pdb source: file.exe, 00000001.00000002.1864815139.00007FFE0EB4D000.00000002.00000001.01000000.00000014.sdmp, _ssl.pyd.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pywintypes.pdb source: file.exe, 00000001.00000002.1866851573.00007FFE126E0000.00000002.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\_work\1\s\\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: file.exe, 00000000.00000003.1750711319.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1868262925.00007FFE1A461000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\_win32sysloader.pdb source: file.exe, 00000000.00000003.1753700546.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_bz2.pdb source: file.exe, 00000000.00000003.1750914173.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1866610372.00007FFE11EDD000.00000002.00000001.01000000.0000000C.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\_hashlib.pdb source: file.exe, 00000000.00000003.1751703931.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1867083391.00007FFE12E16000.00000002.00000001.01000000.00000012.sdmp
Source: Binary string: C:\src\pywin32\build\temp.win-amd64-3.10\Release\pythoncom.pdbz) source: file.exe, 00000001.00000002.1862561905.00007FFE01486000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\_w\1\b\libcrypto-1_1.pdb source: file.exe, 00000001.00000002.1859366702.00007FFDFB3D1000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: C:\A\40\b\bin\amd64\pyexpat.pdb source: file.exe, 00000001.00000002.1865484507.00007FFE10252000.00000002.00000001.01000000.00000010.sdmp, pyexpat.pyd.0.dr
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: 0xEFFF39AD [Sun Aug 4 18:57:49 2097 UTC]
Source: C:\Users\user\Desktop\file.exeCode function: 1_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,1_2_70A708E0
Source: md__mypyc.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x280fa
Source: _MD5.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x12225
Source: _chacha20.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x741f
Source: _SHA1.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xbd05
Source: _scrypt.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x80b5
Source: _raw_blowfish.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x11ec6
Source: pythoncom310.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x8ce57
Source: _MD2.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x110e3
Source: _raw_cbc.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x3a38
Source: win32trace.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x10f52
Source: _raw_arc2.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x966e
Source: _raw_ctr.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x46bb
Source: _raw_cast.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x7870
Source: _modexp.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xdf94
Source: _ghash_clmul.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x9c9d
Source: _Salsa20.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x3657
Source: _RIPEMD160.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x6f18
Source: _SHA384.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x100ff
Source: _BLAKE2s.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x50f7
Source: _poly1305.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xbea9
Source: _SHA224.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x13d1f
Source: _cffi_backend.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x3108a
Source: _raw_aes.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x14e8f
Source: win32ui.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x16a344
Source: _raw_ecb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x4c1b
Source: _cpuid_c.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xe2b6
Source: _BLAKE2b.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x864f
Source: pywintypes310.dll.0.drStatic PE information: real checksum: 0x0 should be: 0x2c30d
Source: _raw_aesni.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xd2c3
Source: win32api.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x25cc2
Source: _raw_ocb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x14299
Source: _raw_des.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x124f2
Source: _raw_cfb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x9762
Source: _MD4.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x9fa9
Source: _raw_des3.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x10195
Source: _strxor.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x10aad
Source: _win32sysloader.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x8e07
Source: _raw_ofb.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x727a
Source: _ec_ws.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xc5419
Source: _keccak.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xaf1b
Source: _raw_eksblowfish.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xc1e6
Source: _ARC4.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xc8ba
Source: _pytransform.dll.0.drStatic PE information: real checksum: 0x11edfe should be: 0x11dbef
Source: _psutil_windows.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0x1f645
Source: _ghash_portable.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xa111
Source: md.cp310-win_amd64.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xf357
Source: _SHA512.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xbd08
Source: _SHA256.pyd.0.drStatic PE information: real checksum: 0x0 should be: 0xa85b
Source: file.exeStatic PE information: section name: _RDATA
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: _pytransform.dll.0.drStatic PE information: section name: .xdata
Source: libcrypto-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-1_1.dll.0.drStatic PE information: section name: .00cfg
Source: mfc140u.dll.0.drStatic PE information: section name: .didat
Source: python310.dll.0.drStatic PE information: section name: PyRuntim

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\file.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 1_2_70A22B90
Source: C:\Users\user\Desktop\file.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 1_2_70A227E0
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\libffi-7.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\pywintypes310.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\select.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_cffi_backend.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer\md__mypyc.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_win32sysloader.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\win32api.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\win32trace.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\python310.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\mfc140u.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\win32ui.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\libssl-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer\md.cp310-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\libcrypto-1_1.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\sqlite3.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\psutil\_psutil_windows.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\pythoncom310.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_sqlite3.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI49962\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior

Boot Survival

Source: C:\Users\user\Desktop\file.exe Code function: memset,wsprintfA,CreateFileA,memset,DeviceIoControl,CloseHandle,isxdigit,isxdigit,isxdigit,isprint,memcpy,CloseHandle,strlen,memcpy, \\.\PhysicalDrive%d 1_2_70A22B90
Source: C:\Users\user\Desktop\file.exe Code function: _snprintf,_snprintf,CreateFileA,CreateFileA,GlobalAlloc,DeviceIoControl,GlobalFree,_snprintf,CreateFileA,GlobalAlloc,GlobalAlloc,GlobalAlloc,DeviceIoControl,GlobalFree,GlobalFree,GlobalFree,CloseHandle,GlobalFree,GlobalFree,GlobalFree,GlobalFree,CloseHandle, \\.\PhysicalDrive%d 1_2_70A227E0
Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00007FF7227E3C90 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,0_2_00007FF7227E3C90
Source: C:\Users\user\Desktop\file.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_pytransform.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\pywintypes310.dllJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\select.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_chacha20.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Util\_cpuid_c.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_cffi_backend.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_des.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ocb.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_socket.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_poly1305.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer\md__mypyc.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_win32sysloader.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_blowfish.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_ssl.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ecb.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA256.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_asyncio.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Protocol\_scrypt.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA384.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\win32api.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\win32trace.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_BLAKE2b.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_BLAKE2s.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cbc.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\python310.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_arc2.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_ghash_portable.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_overlapped.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_queue.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\python3.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\mfc140u.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\win32ui.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_des3.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_Salsa20.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\pyexpat.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD2.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA512.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_RIPEMD160.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\unicodedata.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_eksblowfish.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_ARC4.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_bz2.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer\md.cp310-win_amd64.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ofb.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\psutil\_psutil_windows.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ctr.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\pythoncom310.dll
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD4.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cfb.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_aes.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_sqlite3.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_multiprocessing.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_hashlib.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\_lzma.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_keccak.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_aesni.pyd
Source: C:\Users\user\Desktop\file.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD5.pyd
Source: C:\Users\user\Desktop\file.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-15197
Source: C:\Users\user\Desktop\file.exe API coverage: 3.5 %
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227F1DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,0_2_00007FF7227F1DAC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227FC06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,0_2_00007FF7227FC06C
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00007FF7227FC06C _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,FindClose,1_2_00007FF7227FC06C
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00007FF7227F1DAC _invalid_parameter_noinfo,FindFirstFileExW,GetLastError,_invalid_parameter_noinfo,FindNextFileW,GetLastError,1_2_00007FF7227F1DAC
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_70A06A70 GetSystemInfo,VirtualAlloc,VirtualAlloc,1_2_70A06A70
Source: file.exe, 00000000.00000003.1770781271.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: file.exe Binary or memory string: jqEMu
Source: file.exe, 00000001.00000002.1851202423.000001EC11FE0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWe pi%SystemRoot%\system32\mswsock.dll Other optional arguments are *fix_imports*, *encoding* and
Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227F5750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7227F5750
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_70A708E0 LoadLibraryA,GetProcAddress,GetCurrentThread,NtSetInformationThread,1_2_70A708E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227FDB48 GetProcessHeap,0_2_00007FF7227FDB48
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227EB0C4 SetUnhandledExceptionFilter,0_2_00007FF7227EB0C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227EA8DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF7227EA8DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227EAEE0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF7227EAEE0
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_70A94FD0 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,1_2_70A94FD0
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00007FF7227F5750 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF7227F5750
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00007FF7227EB0C4 SetUnhandledExceptionFilter,1_2_00007FF7227EB0C4
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00007FF7227EA8DC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,1_2_00007FF7227EA8DC
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_00007FF7227EAEE0 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,1_2_00007FF7227EAEE0
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "ver"
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF722803A60 cpuid 0_2_00007FF722803A60
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\certifi VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\importlib_metadata-8.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\wheel-0.43.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop\file.exe VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\Desktop VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\pywintypes310.dll VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\tmpnbj2t0xl VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\win32api.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\pythoncom310.dll VolumeInformation
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\pyexpat.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_queue.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\jaraco\text\Lorem ipsum.txt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\jaraco\text\Lorem ipsum.txt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_pytransform.dll VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\_cffi_backend.cp310-win_amd64.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\psutil VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\psutil\_psutil_windows.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\Desktop\file.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer\md.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer\md__mypyc.cp310-win_amd64.pyd VolumeInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF7227EADC8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF7227EADC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00007FF722800010 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF722800010
Source: C:\Users\user\Desktop\file.exe Code function: 1_2_70A7094C GetVersion,GetCurrentThread,1_2_70A7094C
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Native API | 1 Bootkit | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 22 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Process Injection | LSASS Memory | 121 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 1 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 2 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Bootkit | LSA Secrets | 25 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Timestomp | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 DLL Side-Loading | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
Behavior Graph ID: 1574552 Sample: file.exe Startdate: 13/12/2024 Architecture: WINDOWS Score: 52

  • Sample: DNS/IP xxxs.mediafirex.site; signature: AI detected suspicious sample
  • file.exe 104 (started)
      dropped: C:\Users\user\...\win32ui.cp310-win_amd64.pyd, PE32+; C:\Users\...\win32trace.cp310-win_amd64.pyd, PE32+; C:\Users\...\win32api.cp310-win_amd64.pyd, PE32+; 68 other files (none is malicious)
      signature: Contains functionality to infect the boot sector
    • file.exe 6 (started)
        DNS/IP: xxxs.mediafirex.site 172.67.192.146, 443, 49731 CLOUDFLARENETUS United States
        signature: Hides threads from debuggers
      • cmd.exe 1 (started)
        • conhost.exe (started)

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| file.exe | 3% | ReversingLabs | | |
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_ARC4.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_Salsa20.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_chacha20.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_aes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_aesni.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_arc2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cast.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cbc.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_cfb.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ctr.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_des.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_des3.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ecb.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ocb.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_raw_ofb.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_BLAKE2b.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_BLAKE2s.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD4.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_MD5.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_RIPEMD160.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA1.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA224.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA256.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA384.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_SHA512.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_ghash_clmul.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_ghash_portable.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_keccak.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Hash\_poly1305.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Math\_modexp.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Protocol\_scrypt.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\PublicKey\_ec_ws.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Util\_cpuid_c.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Util\_strxor.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_asyncio.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_cffi_backend.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_multiprocessing.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_overlapped.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_pytransform.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_sqlite3.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\_win32sysloader.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer\md.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\charset_normalizer\md__mypyc.cp310-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\libcrypto-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\libffi-7.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\libssl-1_1.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI49962\mfc140u.dll | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy0 | 0% | Avira URL Cloud | safe | |
| http://crl4.dig | 0% | Avira URL Cloud | safe | |
| http://repository.swisssign.com/g | 0% | Avira URL Cloud | safe | |
| http://cffi.readthedocs.io/en/latest/cdef.html#ffi-cdef-limitations | 0% | Avira URL Cloud | safe | |
| https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr: | 0% | Avira URL Cloud | safe | |
| http://json.org | 0% | Avira URL Cloud | safe | |
| https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages | 0% | Avira URL Cloud | safe | |
| https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr | 0% | Avira URL Cloud | safe | |
| http://foo/bar.tgz | 0% | Avira URL Cloud | safe | |
| https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz | 0% | Avira URL Cloud | safe | |
| https://wwww.certigna.fr/autorites/r | 0% | Avira URL Cloud | safe | |
| http://bugs.python.org/issue23606) | 0% | Avira URL Cloud | safe | |
| https://xxxs.mediafirex.site/obtenciondeplaticaxxxxmiakhalifa | 0% | Avira URL Cloud | safe | |
| http://ocsp.digif | 0% | Avira URL Cloud | safe | |
| https://xxxs.mediafirex.site/obtenciondeplaticaxxxxmiakhalifaP | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| xxxs.mediafirex.site | 172.67.192.146 | true | false | | unknown |
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                        high
                                                                                        http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76file.exe, 00000001.00000003.1832169267.000001EC125F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830823235.000001EC121D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832431347.000001EC12635000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839915616.000001EC121DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832219511.000001EC12633000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852006434.000001EC121DD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          http://crl.securetrust.com/STCA.crlfile.exe, 00000001.00000002.1851478507.000001EC1207F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839522105.000001EC12068000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840752953.000001EC1206F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835110157.000001EC12067000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839609540.000001EC1206C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            http://crl.xrampsecurity.com/XGCA.crl&file.exe, 00000001.00000002.1851478507.000001EC1207F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839522105.000001EC12068000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840752953.000001EC1206F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835110157.000001EC12067000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839609540.000001EC1206C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              http://wwwsearch.sf.net/):file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834734606.000001EC125DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839271117.000001EC125DE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0file.exe, 00000001.00000003.1836270918.000001EC12857000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831692262.000001EC12830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833635408.000001EC12833000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836566491.000001EC12850000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  http://www.accv.es/legislacion_c.htmfile.exe, 00000001.00000003.1833246529.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852954267.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845475557.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1841397328.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1838494605.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830742530.000001EC126B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://tools.ietf.org/html/rfc6125#section-6.4.3file.exe, 00000001.00000002.1855488631.000001EC12F78000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://cffi.readthedocs.io/en/latest/using.html#callbacksfile.exe, 00000001.00000002.1864440940.00007FFE0E16B000.00000002.00000001.01000000.00000017.sdmpfalse
                                                                                                        high
                                                                                                        http://crl.xrampsecurity.com/XGCA.crl0file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836313550.000001EC1203D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://tools.ietf.org/html/rfc5234file.exe, 00000001.00000002.1855367155.000001EC12DC4000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.1855488631.000001EC12F30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://www.cert.fnmt.es/dpcs/file.exe, 00000001.00000002.1856210182.000001EC13286000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832562019.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836231296.000001EC13282000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845815938.000001EC124F1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1838406119.000001EC13286000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://crl4.digfile.exe, 00000000.00000003.1766018300.0000023A0CD88000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              https://setuptools.pypa.io/en/latest/pkg_resources.htmlfile.exe, 00000001.00000003.1789652054.000001EC120B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1788031501.000001EC12139000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1787713100.000001EC12139000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://google.com/mailfile.exe, 00000001.00000003.1842022343.000001EC125E5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1834734606.000001EC125DD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125E2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125D1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832169267.000001EC125E1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839679752.000001EC125E4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832679737.000001EC125AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839271117.000001EC125DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844291418.000001EC125E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://img.shields.io/pypi/v/importlib_metadata.svgfile.exe, 00000000.00000003.1771755381.0000023A0CD8B000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                    high
                                                                                                                    https://packaging.python.org/specifications/entry-points/file.exe, 00000001.00000002.1855367155.000001EC12D60000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.1855143201.000001EC12A60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://xxxs.mediafirex.site/obtenciondeplaticaxxxxmiakhalifafile.exe, 00000001.00000002.1855793850.000001EC131E8000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852031978.000001EC121E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://github.com/jaraco/jaraco.functools/issues/5file.exe, 00000001.00000002.1852150697.000001EC12360000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        http://www.accv.es00file.exe, 00000001.00000003.1833246529.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831692262.000001EC12830000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852954267.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845475557.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833635408.000001EC12833000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1841397328.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1836566491.000001EC12850000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1838494605.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830742530.000001EC126B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.pyfile.exe, 00000001.00000003.1784539618.000001EC0FBBB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://www.phys.uu.nl/~vgent/calendar/isocalendar.htmfile.exe, 00000001.00000003.1786483215.000001EC12042000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1786483215.000001EC12027000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              http://www.rfc-editor.org/info/rfc7253file.exe, 00000001.00000003.1833246529.000001EC1263B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1838494605.000001EC1263B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830742530.000001EC12637000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://wwww.certigna.fr/autorites/rfile.exe, 00000001.00000003.1836031005.000001EC132AC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835808413.000001EC1329E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                http://crl.securetrust.com/STCA.crlNfile.exe, 00000001.00000002.1851478507.000001EC1207F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839522105.000001EC12068000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840752953.000001EC1206F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835110157.000001EC12067000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839609540.000001EC1206C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://bugs.python.org/issue23606)file.exe, 00000001.00000002.1855143201.000001EC12A60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdffile.exe, 00000001.00000003.1833822101.000001EC120D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852271788.000001EC12501000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832562019.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1842511364.000001EC12500000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1843090601.000001EC120D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC120A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830994027.000001EC120CD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839416253.000001EC124F7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845217047.000001EC120E7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://foss.heptapod.net/pypy/pypy/-/issues/3539file.exe, 00000001.00000002.1855272530.000001EC12C60000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.file.exe, 00000001.00000003.1841944836.000001EC121D6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1848011939.000001EC121D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1851983942.000001EC121D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830823235.000001EC121D3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://google.com/file.exe, 00000001.00000002.1852271788.000001EC124FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832562019.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845815938.000001EC124FB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1844386147.000001EC124F8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839416253.000001EC124F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://mahler:8092/site-updates.pyfile.exe, 00000001.00000003.1834991278.000001EC121A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1792807364.000001EC124F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC121A9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831070704.000001EC1219E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793145057.000001EC1218D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1792807364.000001EC1250A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1806832256.000001EC12136000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1830948949.000001EC12156000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1793859180.000001EC121B2000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://crl.securetrust.com/SGCA.crlfile.exe, 00000001.00000002.1851478507.000001EC1207F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839522105.000001EC12068000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1811771630.000001EC12036000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1840752953.000001EC1206F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831990765.000001EC1203A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831549812.000001EC1200C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1835110157.000001EC12067000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839609540.000001EC1206C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              http://.../back.jpegfile.exe, 00000001.00000002.1855641430.000001EC13044000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://tools.ietf.org/html/rfc5869file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832562019.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1842511364.000001EC12500000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839416253.000001EC124F7000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://www.python.org/download/releases/2.3/mro/.file.exe, 00000001.00000002.1849802401.000001EC118A0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.htmlfile.exe, 00000001.00000003.1811552982.000001EC12595000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833246529.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833822101.000001EC120D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1833246529.000001EC1263B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1839214907.000001EC1254D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846335124.000001EC12589000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852535528.000001EC1259F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831219971.000001EC124F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852954267.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1832356221.000001EC1253E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846309723.000001EC12586000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1852271788.000001EC12501000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1845475557.000001EC126B1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC125F2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1846380614.000001EC1259E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1831408072.000001EC12502000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1809996064.000001EC12461000.00000004.00000020.00020000.00000000.sdmp, file.exe, 
IP | Domain | Country | ASN | ASN Name | Malicious
172.67.192.146 | xxxs.mediafirex.site | United States | 13335 | CLOUDFLARENETUS | false
                                                                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                              Analysis ID:1574552
                                                                                                                                                                              Start date and time:2024-12-13 12:12:59 +01:00
                                                                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                                                                              Overall analysis duration:0h 8m 2s
                                                                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                                                                              Report type:full
                                                                                                                                                                              Cookbook file name:default.jbs
                                                                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                              Number of analysed new started processes analysed:7
                                                                                                                                                                              Number of new started drivers analysed:0
                                                                                                                                                                              Number of existing processes analysed:0
                                                                                                                                                                              Number of existing drivers analysed:0
                                                                                                                                                                              Number of injected processes analysed:0
                                                                                                                                                                              Technologies:
                                                                                                                                                                              • HCA enabled
                                                                                                                                                                              • EGA enabled
                                                                                                                                                                              • AMSI enabled
                                                                                                                                                                              Analysis Mode:default
                                                                                                                                                                              Analysis stop reason:Timeout
                                                                                                                                                                              Sample name:file.exe
                                                                                                                                                                              Detection:MAL
                                                                                                                                                                              Classification:mal52.evad.winEXE@6/89@1/1
                                                                                                                                                                              EGA Information:
                                                                                                                                                                              • Successful, ratio: 100%
                                                                                                                                                                              HCA Information:
                                                                                                                                                                              • Successful, ratio: 76%
                                                                                                                                                                              • Number of executed functions: 94
                                                                                                                                                                              • Number of non-executed functions: 172
                                                                                                                                                                              Cookbook Comments:
                                                                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                                                                              • Stop behavior analysis, all processes terminated
                                                                                                                                                                              • Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                              • Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
                                                                                                                                                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                              • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                              • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                              • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                              • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                              • VT rate limit hit for: file.exe
                                                                                                                                                                              No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_Salsa20.pyd | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_Salsa20.pyd | SecurityUpdate.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_Salsa20.pyd | SnapshotLogExtractor.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_ARC4.pyd | file.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_ARC4.pyd | SecurityUpdate.exe | malicious | Unknown
C:\Users\user\AppData\Local\Temp\_MEI49962\Cryptodome\Cipher\_ARC4.pyd | SnapshotLogExtractor.exe | malicious | Unknown
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                          Entropy (8bit):4.634028407547307
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:z8MwxTCa5Xv7BelL7u1R/r8qJ7pfpsPG6QEYHGBp5WCmNniHisDJ9UFv4:zTwxTltlelL7urFfUQa5NmYjDLU
                                                                                                                                                                                          MD5:BA43C9C79B726F52CD3187231E3A780F
                                                                                                                                                                                          SHA1:EC0538F8F32F3C58CB7430E82C416B44C0B03D12
                                                                                                                                                                                          SHA-256:7B5E1F955E198278A39B94F6AC18D49CEE21B99C8A951DE722FF99A153162A0B
                                                                                                                                                                                          SHA-512:A74056F9D853B2F020800D9DB0C1C50AD704E5DBD6B9A0A169E1BCC6299AB02E5D1F6A9C0A4FEBE9E14D8FE3264D836E67ADCD1AD2F1C380FED4A98A48E3F3E3
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                          • Filename: SecurityUpdate.exe, Detection: malicious
                                                                                                                                                                                          • Filename: SnapshotLogExtractor.exe, Detection: malicious
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                          Entropy (8bit):5.010720322611065
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:EUBpDmr37utd9PHv2DznuRGMeS4JUHNDLUYd:mDit6DCVn4WZUW
                                                                                                                                                                                          MD5:991AA4813AF0ADF95B0DF3F59879E21C
                                                                                                                                                                                          SHA1:E44DB4901FFBBB9E8001B5B3602E59F6D2CCC9C8
                                                                                                                                                                                          SHA-256:5B86D84DA033128000D8BC00A237AB07D5FF75078216654C224854BEC0CD6641
                                                                                                                                                                                          SHA-512:C6A9DB8338330AB45A8522FBEF5B59374176AC4BF2C0BAE6471AA6FA4710B7EFE20E9331BA542FA274D32DE623A0B578A1A048765F000F74B1608FFA05E5C550
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                          • Filename: file.exe, Detection: malicious
                                                                                                                                                                                          • Filename: SecurityUpdate.exe, Detection: malicious
                                                                                                                                                                                          • Filename: SnapshotLogExtractor.exe, Detection: malicious
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                          Entropy (8bit):5.030943993303202
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:fhgUBpDmr37utd9PVv2Jnl0Ne3erKr5okiy0Y23RAr2Z9lkNCqDLU/:sDitwJooNiyX2hUA9f0U/
                                                                                                                                                                                          MD5:43C8516BE2AE73FB625E8496FD181F1C
                                                                                                                                                                                          SHA1:6D38E8EE6D38759FDBA6558848DA62BB3FB51EC8
                                                                                                                                                                                          SHA-256:3A1ACFA87110ACE2F8B8F60B03E264F22E2B7E76B53AD98C3B260686B1C27C57
                                                                                                                                                                                          SHA-512:B8DCD4875EF7759DA1F8B96FC85DAC8910720C8168F09AC52DAF85C637955274093530406BE2A58EF237BFAB8CCDF4F06F96EBA7ADFC4F413CBF0E5A7D447774
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):35840
                                                                                                                                                                                          Entropy (8bit):6.5985845002689825
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:ZOISQpPUUllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52E0H680xz4e:nLh7JbH1G4sS4j990th9VQFI
                                                                                                                                                                                          MD5:DACF0299F0ACD196C0B0C35440C9CF78
                                                                                                                                                                                          SHA1:CFFD37FE04854D60E87058B33CA313F532879BF7
                                                                                                                                                                                          SHA-256:1199152F31FC5179FD39733B6B7D60B7F4A7269FE28CBC434F87FA53810B305D
                                                                                                                                                                                          SHA-512:7FFA5A8979F4258968E37540348E62FD22C795981F4AA9A6962DDEC17CEC8265EC7A7FF7EE4A2EBADF4DA35062972E4C7ADF7C8D4031B60AE218872807E092D9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                          Entropy (8bit):5.181873142782463
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:9Ee15je/I3TuvPfB1LeLi2jcXdq2QdeJgDZETDRcYcaKAADLU5YUod:992Y6/B1KL4XdQdggDZ8EU5YUm
                                                                                                                                                                                          MD5:5D1CAEEDC9595EC0A30507C049F215D7
                                                                                                                                                                                          SHA1:B963E17679A0CB1EFDC388B8218BE7373DE8E6CC
                                                                                                                                                                                          SHA-256:A5C4143DDFA6C10216E9467A22B792541096E222EFE71C930A5056B917E531A0
                                                                                                                                                                                          SHA-512:BE8471BE53AFA1EDCAA742B7D1D4222D15D4682BA8E1F8376FC65C46CCC5FE0890D24BBAFB6616F625D5D37A087762317EBAA4AE6518443E644FA01EBC4496E5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):16384
                                                                                                                                                                                          Entropy (8bit):5.400580637932519
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:rEJe0rPeLTuUt4/wgroOCouz7ucc9dJ7oAAokDLU45Gc:3mUGr9n6769laU45
                                                                                                                                                                                          MD5:4795B16B5E63AEE698E8B601C011F6E6
                                                                                                                                                                                          SHA1:4AA74966B5737A818B168DA991472380FE63AD3E
                                                                                                                                                                                          SHA-256:78DB7D57C23AC96F5D56E90CFB0FBB2E10DE7C6AF48088354AA374709F1A1087
                                                                                                                                                                                          SHA-512:73716040ECF217E41A34FADEA6046D802982F2B01D0133BFD5C215499C84CB6D386AF81235CA21592722F57EA31543D35B859BE2AF1972F347C93A72131C06C2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):6.159203027693185
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:iUpJ7Grjup/vx81AguKUiZA3OkJYkO8d3KobfoHJAyZJg8D0KThxA+rAQE+tnJi8:I2XKAs3ZArTvHbgpJgLa0Mp83xhUoz
                                                                                                                                                                                          MD5:9F33973B19B84A288DF7918346CEC5E4
                                                                                                                                                                                          SHA1:A646146337225D3FA064DE4B15BF7D5C35CE5338
                                                                                                                                                                                          SHA-256:DC86A67CFF9CB3CC763AAAB2D357EC6DBC0616A5DFC16EBE214E8E2C04242737
                                                                                                                                                                                          SHA-512:D7FFA4A640EBD2C9121DBD1BA107B5D76C0385524C4F53DE6FDA1BB0EC16541CEF1981F7E1DAA84F289D4A7D566B0620690AF97AF47F528BBF5B2CD6E49FE90C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):24576
                                                                                                                                                                                          Entropy (8bit):6.493034619151615
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:pksGDsFSQkHUleKaZXmrfXA+UA10ol31tuXOQkUdT:kTK0K4XmrXA+NNxW+Ud
                                                                                                                                                                                          MD5:89D4B1FC3A62B4A739571855F22E0C18
                                                                                                                                                                                          SHA1:F0F6A893A263EEEB00408F5F87DC9ABB3D3259A6
                                                                                                                                                                                          SHA-256:3832F95FE55D1B4DA223DF5438414F03F18D5EF4AAFD285357A81E4ED5AD5DA1
                                                                                                                                                                                          SHA-512:20C713564C0658FD7A26F56BF629B80FCB4E7F785E66A00163933D57C8E5A344F6B0476F7395A6D8A526D78A60C85884CEFF6B3F812A8EE07E224C9E91F878C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):4.700268562557766
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:zh05p7mr3Tutd9PUv2anKfI1ve86rYDLUa:tD6t/GKfevTTUa
                                                                                                                                                                                          MD5:73DD025BFA3CFB38E5DAAD0ED9914679
                                                                                                                                                                                          SHA1:65D141331E8629293146D3398A2F76C52301D682
                                                                                                                                                                                          SHA-256:C89F3C0B89CFEE35583D6C470D378DA0AF455EBD9549BE341B4179D342353641
                                                                                                                                                                                          SHA-512:20569F672F3F2E6439AFD714F179A590328A1F9C40C6BC0DC6FCAD7581BC620A877282BAF7EC7F16AAA79724BA2165F71D79AA5919C8D23214BBD39611C23AED
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                          Entropy (8bit):4.99372428436515
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:Dardk3qQb3GukBPZCLfSQl+x5DLUzbgd6:dNzFkHCLKUzbO
                                                                                                                                                                                          MD5:E87AAC7F2A9BF57D6796E5302626EE2F
                                                                                                                                                                                          SHA1:4B633501E76E96C8859436445F38240F877FC6C6
                                                                                                                                                                                          SHA-256:97BF9E392D6AD9E1EC94237407887EA3D1DEC2D23978891A8174C03AF606FD34
                                                                                                                                                                                          SHA-512:108663F0700D9E30E259A62C1AE35B23F5F2ABD0EFF00523AAE171D1DB803DA99488C7395AFD3AD54A242F0CB2C66A60E6904D3E3F75BB1193621FD65DF4AD5C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                          Entropy (8bit):5.274628449067808
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:ktVGzeoI3DuzPpcAdXdO57EEE/quBiFElcUNIDLUnF6+ud:nNYqFcAdXdDqurIUnUp
                                                                                                                                                                                          MD5:F3F30D72D6D7F4BA94B3C1A9364F1831
                                                                                                                                                                                          SHA1:46705C3A35C84BF15CF434E2607BDDD18991E138
                                                                                                                                                                                          SHA-256:7820395C44EAB26DE0312DFC5D08A9A27398F0CAA80D8F9A88DEE804880996FF
                                                                                                                                                                                          SHA-512:01C5EA300A7458EFE1B209C56A826DF0BF3D6FF4DD512F169D6AEE9D540600510C3249866BFB991975CA5E41C77107123E480EDA4D55ECCB88ED22399EE57912
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):56832
                                                                                                                                                                                          Entropy (8bit):4.23001088085281
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:m3gj0/sz71dv/ZHkVnYcZiGKdZHDLIK4vnKAnKorZOzUbq+K9:7jssHZHTr4vZHb69
                                                                                                                                                                                          MD5:020A1E1673A56AF5B93C16B0D312EF50
                                                                                                                                                                                          SHA1:F69C1BB224D30F54E4555F71EA8CAD4ACB5D39BC
                                                                                                                                                                                          SHA-256:290B3ED6151B7BF8B7B227EF76879838294F7FF138AF68E083C2FDDC0A50E4FC
                                                                                                                                                                                          SHA-512:71B5ED33B51F112896BB59D39B02010B3ABC02B3032BD17E2AA084807492DA71BDE8F12ADEF72C6CC0A5A52D783CD7595EEC906C394A21327ADAB2927E853B1F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):57344
                                                                                                                                                                                          Entropy (8bit):4.2510443883540265
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:wVgj0/sKzNweVC/ZHkNnYcZiGKdZHDLaK0vnKAnKLrZVwUbqeo:njsskKZHLR0vZmbx
                                                                                                                                                                                          MD5:EC55478B5DD99BBE1EBA9D6AD8BDE079
                                                                                                                                                                                          SHA1:EC730D05FEEC83B1D72784C2265DC2E2CF67C963
                                                                                                                                                                                          SHA-256:1AF46CBE209E3F1D30CCC0BA9F7E5A455554CAF8B1E3E42F9A93A097D9F435AC
                                                                                                                                                                                          SHA-512:55FE28E839117A19DF31165FEA3DED3F9DFC0DDA16B437CF274174E9AE476C0E5B869FFB8B2CF1880189BFAC3917E8D7078FA44FC96CFF18DC6EAC7AFA7A8F48
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                          Entropy (8bit):4.689882120894326
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:5D8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QxmFWymc3doBKumsLVsDJ9UKvL:lTdJTlDmNelrzuLFf0Qg4yxlumQCDLU
                                                                                                                                                                                          MD5:93DA52E6CE73E0C1FC14F7B24DCF4B45
                                                                                                                                                                                          SHA1:0961CFB91BBCEE3462954996C422E1A9302A690B
                                                                                                                                                                                          SHA-256:DDD427C76F29EDD559425B31EEE54EB5B1BDD567219BA5023254EFDE6591FAA0
                                                                                                                                                                                          SHA-512:49202A13D260473D3281BF7CA375AC1766189B6936C4AA03F524081CC573EE98D236AA9C736BA674ADE876B7E29AE9891AF50F1A72C49850BB21186F84A3C3AB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                          Entropy (8bit):6.2360102418962855
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:42XHEtPwbdvIbwKBBEHYpJgLa0Mp8u9sLgU:jHMobBiB+HqgLa1Kx
                                                                                                                                                                                          MD5:3D34E2789682844E8B5A06BE3B1C81BF
                                                                                                                                                                                          SHA1:0141D82B4B604E08E620E63B8257FB6A1E210CAF
                                                                                                                                                                                          SHA-256:40B1A6F1318C565E985AFFB8DF304991E908AB1C36C8E960E7AC177E3002FCA0
                                                                                                                                                                                          SHA-512:886780D6CE3F2955C8FAC38F75DC3A2E017F68ED8FCC75BAA6D74A5E4018CFBF2B99F59D0DBFA5D2728EB1AD7F3F8FE54F0AD3F29D74AFC43E2CDC1A21F889C4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                          Entropy (8bit):5.285518610964193
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:txQrFBe/i+/puqeXOv3oTezczeO9p9iYDWYLJzUn:Q5B8txuqeXOfoTezcSO9pUY1JY
                                                                                                                                                                                          MD5:194D1F38FAB24A3847A0B22A120D635B
                                                                                                                                                                                          SHA1:A96A9DF4794CDA21E845AAFE2D5ACD5A40A9C865
                                                                                                                                                                                          SHA-256:FCC68F211C6D2604E8F93E28A3065F6E40F1E044C34D33CC8349EB3873559A0C
                                                                                                                                                                                          SHA-512:07324B03B7DD804090B00BC62C41162FD1788AE3C8450BCA25D63BF254009D04A7ACDF7ACFAF473A3D1BE1FA58B0007FA35D8E486F90C9B48384C035C83B0CCF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):4.696064367032408
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:V05p7mr3Tutd9PUv22NeLfPI5k3bo7tDLUan:tD6t/N4a3bEZUan
                                                                                                                                                                                          MD5:0628DC6D83F4A9DDDB0552BD0CC9B54C
                                                                                                                                                                                          SHA1:C73F990B84A126A05F1D32D509B6361DCA80BC93
                                                                                                                                                                                          SHA-256:F136B963B5CEB60B0F58127A925D68F04C1C8A946970E10C4ABC3C45A1942BC7
                                                                                                                                                                                          SHA-512:78D005A2FEC5D1C67FC2B64936161026F9A0B1756862BAF51EAF14EDEE7739F915D059814C8D6F66797F84A28071C46B567F3392DAF4FF7FCDFA94220C965C1A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                          Entropy (8bit):5.219784380683583
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:305p7mr3Tutd9Pwv2e42bF7i+V2rQnjt1wmg9jN+mp23XDLUk:rD6tTephi+AojO9jbQHUk
                                                                                                                                                                                          MD5:59F65C1AD53526840893980B52CD0497
                                                                                                                                                                                          SHA1:E675A09577C75D877CB1305E60EB3D03A4051B73
                                                                                                                                                                                          SHA-256:2DF02E84CFD77E91D73B3551BDDA868277F8AE38B262FA44528E87208D0B50FC
                                                                                                                                                                                          SHA-512:5E9782793A8BB6437D718A36862C13CDE5E7E3780E6F3E82C01F7B2F83EBBDB63F66B3C988FA8DEF36077F17FA1F6C2C77A82FABBD7C17D1568E7CEA19E7EDD6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                          Entropy (8bit):5.171175600505211
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:O05p7mr3Tutd9Pwv2aKbxdcgatX1WmkaA09L9kDLUhX:MD6tTZgtX15kanYU
                                                                                                                                                                                          MD5:4D8230D64493CE217853B4D3B6768674
                                                                                                                                                                                          SHA1:C845366E7C02A2402BA00B9B6735E1FAD3F2F1EF
                                                                                                                                                                                          SHA-256:06885DC99A7621BA3BE3B28CB4BCF972549E23ACF62A710F6D6C580AABA1F25A
                                                                                                                                                                                          SHA-512:C32D5987A0B1DED7211545CB7D3D7482657CA7D74A9083D37A33F65BBE2E7E075CB52EFAEEA00F1840AB8F0BAF7DF1466A4F4E880ABF9650A709814BCEE2F945
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                          Entropy (8bit):5.171087190344686
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:ajJzPAI2p3C2p+EhKnLg9yH8puzoFaPERIQAVqYU:GITp3pp+EhmLg9yH8puzoFaPERIQp
                                                                                                                                                                                          MD5:4B4831FCFCA23CEBEC872CCCCE8C3CE1
                                                                                                                                                                                          SHA1:9CA26A95C31E679B0D4CFEDEACEA38334B29B3F3
                                                                                                                                                                                          SHA-256:75250C7B7EE9F7F944D9C23161D61FE80D59572180A30629C97D1867ECF32093
                                                                                                                                                                                          SHA-512:7218D67A78EBC76D1AA23AEDDF7B7D209A9E65D4A50FD57F07680953BDF40E42B33D3D6388119B54E3948DA433D0F895BCC0F98E6D1AF4B9821AEFE2300C7EA0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                          Entropy (8bit):5.0894476079532565
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:ZE4+jfKIb3gudUPpwVp1sAD7I/9hAkeTOre5QDLU+db:CjJzPQwVp1sAD7KvpUv5uUob
                                                                                                                                                                                          MD5:642B9CCEA6E2D6F610D209DC3AACF281
                                                                                                                                                                                          SHA1:8F816AA1D94F085E2FE30A14B4247410910DA8F9
                                                                                                                                                                                          SHA-256:E5DFB0A60E0E372AE1FF4D0E3F01B22E56408F0F9B04C610ECEF2A5847D6D879
                                                                                                                                                                                          SHA-512:A728E2F6264A805CE208FEB24600D23EC04C7D17481A39B01F90E47D82CF6C369D6151BB4170D993BE98CEFE8E6BDF2044CF0DC623BAE662C5584812875FC3B8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                          Entropy (8bit):5.432796797907171
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:N9FZ/KFjb3OuTPU84At56BTBvzcuiDSjeoGIQUPTrLFDLUEPLdN:/wztA8Tt5OwuiDSyoGPmXdUEPB
                                                                                                                                                                                          MD5:180017650B62058058CB81B53540A9BF
                                                                                                                                                                                          SHA1:696EECA75621B75BC07E2982EB66D61A1DFECDB6
                                                                                                                                                                                          SHA-256:8146110D92B2F50B3EB02557BE6EE4586EEC1A2AD7204B48A4F28B8859FE6E29
                                                                                                                                                                                          SHA-512:9AD447F0B15639C1FA3300E80EC5B175589930CB9166CF108FAFA74093CE791E1FF55CF6686ABF090A8B44BA6B743FEEBA270F378ED405F15418406AB8D01E9B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13824
                                                                                                                                                                                          Entropy (8bit):5.099895592918567
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:s05p7mr3Tutd9Pgv239k9UgPKsVQJukk7+rDLU8:OD6tD3G9tPKsVQJuUDU
                                                                                                                                                                                          MD5:11F184E124E91BE3EBDF5EAF92FDE408
                                                                                                                                                                                          SHA1:5B0440A1A2FBD1B21D5AF7D454098A2B7C404864
                                                                                                                                                                                          SHA-256:F9220CA8A1948734EC753B1ADA5E655DAF138AF76F01A79C14660B2B144C2FAE
                                                                                                                                                                                          SHA-512:37B3916A5A4E6D7052DDB72D34347F46077BDF1BA1DCF20928B827B3D2C411C612B4E145DFE70F315EA15E8F7F00946D26E4728F339EDDF08C72B4E493C56BC3
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                          Entropy (8bit):5.65813713656815
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:Bj51JwTx7uuj/krY1ZLhGZo2R1J+0eDPSgkNZuOdlptvTLLB5b+vDLUE+Ea:sxQr89hTOJ+0QPSfu6rlZ+/UE+
                                                                                                                                                                                          MD5:51A01A11848322AC53B07D4D24F97652
                                                                                                                                                                                          SHA1:141097D0F0F1C5432B1F1A571310BD4266E56A6D
                                                                                                                                                                                          SHA-256:E549A4FE85759CBFC733ECF190478514B46ECA34EDA2370F523328F6DC976F30
                                                                                                                                                                                          SHA-512:23281BE77496AF3A6507B610191AF5AA005C974F27129073FD70D51E82A5D3E55FB8C7FF28CF1886B55E264B736AB506EE0D97210E764EB1618C74DE2B44E64A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                          Entropy (8bit):5.882538742896355
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:lRlEGHXgKXqHGcvYHp5RYcARQOj4MSTjqgPmEO2vUk:NdHXgP/YtswvdUk
                                                                                                                                                                                          MD5:B20D629142A1354BA94033CAC15D7D8C
                                                                                                                                                                                          SHA1:CD600F33D5BC5FA3E70BDF346A8D0FB935166468
                                                                                                                                                                                          SHA-256:147CE6747635B374570D3A1D9FCAB5B195F67E99E34C0F59018A3686A07A3917
                                                                                                                                                                                          SHA-512:72EFD1C653732FB620787B26D0CA44086405A070EC3CD4BBA5445854C5D7DDE6D669060845D093A1FC2593ED6E48630344FA6F0AF685186FB554D8BB9BC97AA0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):21504
                                                                                                                                                                                          Entropy (8bit):5.88515673373227
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:ARlEGHXiKXqHGcvYHp5RYcARQOj4MSTjqgPmEm9Uk:SdHXiP/YtswvdVk
                                                                                                                                                                                          MD5:6FF2518A93F7279E8FDAC0CE8DE4BF3F
                                                                                                                                                                                          SHA1:77F4713D4F287E2950C06A0EF2F8C7C8D53BABDD
                                                                                                                                                                                          SHA-256:27B4DB005685D8E31E37BD632767D5FFC81818D24B622E3D25B8F08F43E29B57
                                                                                                                                                                                          SHA-512:26A8448D34F70AF62D702851B8353708FB3A1B984CBDC1D2EABE582CAAD8D56B0A835A4C914EB7824DADCF62E83B84D3A669C06ACAF0E1001EB66F85BC5D0377
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                          Entropy (8bit):5.843159039658928
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:2HJh9k54Stui0gel9soFdkO66MlPGXmXcCkyk:2H6Ju/FZ6nPxM6k
                                                                                                                                                                                          MD5:8B59C61BB3A3ADFBB7B8C39F11B8084B
                                                                                                                                                                                          SHA1:49595C3F830422FEF88D8FBAF003F32EF25501CE
                                                                                                                                                                                          SHA-256:FBD9CDD873EAFAD3C03C05FFEB0D67F779C2D191389351FE2D835E7D8ECA534F
                                                                                                                                                                                          SHA-512:6FEDCC8631723B63D3D8CAD6D57953EB356C53814FD6F1ECA6299E2A5272F67C58090D339B5E6BB1DA15F7BEB451FCC9A41129AB7F578155A17BBE0C1D385AA6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                          Entropy (8bit):5.896939915107
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:VxpB9/i4z5tui0gel9soFdkO66MlPGXmXcPtOJkw:Vx11u/FZ6nPxM8k
                                                                                                                                                                                          MD5:6A84B1C402DB7FE29E991FCA86C3CECF
                                                                                                                                                                                          SHA1:FC62477E770F4267C58853C92584969B2F0FEBE2
                                                                                                                                                                                          SHA-256:CF8FD7B6BBC38FE3570B2C610E9C946CD56BE5D193387B9146F09D9B5745F4BC
                                                                                                                                                                                          SHA-512:B9D1195429E674778A90262E0A438B72224B113B7222535DAA361222DEE049C9929481D6E1138117655EAE9B2735D51638209A6EF07963F5249AD74F0BFD75C6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12800
                                                                                                                                                                                          Entropy (8bit):4.957384431518367
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:PUBpDmr37utd9PHv2O3sER2fi2s4DLUgdLl:zDit6O3sa4XUO
                                                                                                                                                                                          MD5:1D49E6E34FE84C972484B6293CC2F297
                                                                                                                                                                                          SHA1:3A799DB7102912DA344112712FD2236A099C7F5E
                                                                                                                                                                                          SHA-256:B2FD9F57815B3F7FFC3365D02510B88DBE74AB1EFF8BE9099DC902412057244D
                                                                                                                                                                                          SHA-512:CAD8FCC78006D643590C3D784C2DF051B8C448DE457B41507F031C9D7891036AD3F8E00B695D92F5138C250B2426A57C16F7293237054A245FF08B26AD86CF25
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                          Entropy (8bit):5.014628606839607
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:lUBpDmr37utd9PVv27c0qKzLF4DHxXUcDLU/:9DitwzvV4DREiU/
                                                                                                                                                                                          MD5:CDD1A63E9F508D01EEBEE7646A278805
                                                                                                                                                                                          SHA1:3CB34B17B63F2F61C2FA1B1338D0B94CF9EE67AF
                                                                                                                                                                                          SHA-256:AB96945D26FEF23EF4B12E1BD5B1841CFECB8B06AB490B436E3F1A977A7F5E8B
                                                                                                                                                                                          SHA-512:5F136D8EBFE6AC43846C4820FF8A3C81D991FCACC219C23DDD0674E75B930A1A948D02925BCC7BD807F5A68F01F65B35037B8A193143EB552D224E1DD906C158
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                          Entropy (8bit):5.243633265407984
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:QUN0iKNb3NuUPyxfFNhoCoK7e+TcBXJ2kMQ75i6nElDLUH:dYz8JpF39oK6+QBXJ2k775NKU
                                                                                                                                                                                          MD5:57A49AC595084A19516C64079EE1A4C7
                                                                                                                                                                                          SHA1:4B188D0E9965AB0DA8D9363FC7FEEE737DF81F74
                                                                                                                                                                                          SHA-256:D7DA3DC02AC4685D3722E5AF63CA1A8857D53454D59CF64C784625D649897D72
                                                                                                                                                                                          SHA-512:693989D01070835DC9D487C904F012EE5BE72219E1EEAEC56EE3BC35659192714D8F538BEA30F4849B3A3D4BCF24705EDFE84AD2742F6C8562F6C6215F7917BE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                          Entropy (8bit):5.253962925838046
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:t39lJPKBb3+ujPH/41fPnVSEsV3+ldpCArU8vOjpDLUFDdA:V9wzdz/afPCV3YdjdvMUFpA
                                                                                                                                                                                          MD5:C19895CE6ABC5D85F63572308BD2D403
                                                                                                                                                                                          SHA1:6B444E59112792B59D3BA4F304A30B62EEBD77FA
                                                                                                                                                                                          SHA-256:1BCA3479A4CC033E8BC3B4DD8DCC531F38E7B7FE650A7DA09120CCAC100D70A4
                                                                                                                                                                                          SHA-512:D8D493D51DE052F2A0BB18C4CD6F5E15AB5D5CCB3276D38DDA44382746656618560878359D6C95A76B223CBD4B2CD39C817EC7FC3108EED5D541CF4BD95AAA14
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):32768
                                                                                                                                                                                          Entropy (8bit):5.913715253597897
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:4ea6OoLEx/fpMgEXNSNk/IppSQDLw16UADNIz7Izy+3O3nCpDN+cGJVtV81UpSu8:44OoMpMgqSpz41ht7EOeYcUV4ipwr
                                                                                                                                                                                          MD5:150F31A18FDCCB30695E8A11B844CB9A
                                                                                                                                                                                          SHA1:85A333C8A866AAFBF6B3766CED0B7079A2358C42
                                                                                                                                                                                          SHA-256:D26D543EFC9A6C3D5BA52FFC55965A2C3DBB7E634776EF6C1789E5DF8E4DF3E5
                                                                                                                                                                                          SHA-512:DDFE93CBE315E060A8F0B3863A1675D8F156BF84F157CD7BCBD7EC57F88C72DD21E6C2A5077A142D828DAD0C40149EE4064C34E6EE26787A8B32D4AC9A18E1CA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):4.725087774300977
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:N942/KIb3bu95Pp2abc64uVNn4DLUOVdB:FJzCxl464aGUOf
                                                                                                                                                                                          MD5:66052F3B3D4C48E95377B1B827B959BB
                                                                                                                                                                                          SHA1:CF3F0F82B87E67D75B42EAAB144AE7677E0C882E
                                                                                                                                                                                          SHA-256:C9A6A7D7CE0238A8D03BCC1E43FD419C46FAEA3E89053355199DEDF56DADAFA4
                                                                                                                                                                                          SHA-512:9A7F45CE151890032574ED1EF8F45640E489987DC3AF716E5D7F31127BA3675E1F4C775229184C52D9A3792DF9CB2B3D0D3BE079192C40E900BA0CC69E8E3EE5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):748032
                                                                                                                                                                                          Entropy (8bit):7.627003962799197
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:b3HtKHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:b3NKHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                          MD5:B96D4854F02D932D9D84DB7CE254C85A
                                                                                                                                                                                          SHA1:61F8F284EEB65B21A5373DA85270802B9E0ABBF4
                                                                                                                                                                                          SHA-256:E73BC5D362A1439FD87BF3901D5B2D4534B50E3B935C841F25D3C49BF3D4D7EE
                                                                                                                                                                                          SHA-512:1FDE226034F48B29143E1B3042FB42C91BE8DE5DDC53B2F2FA3DAB1CCA99FB34AF3A8FB57B0CB5B152943BE156B4521DAE04FB80B08EC04A3F371E30D137297A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                          Entropy (8bit):4.662736103035243
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:5y8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6Q9qHaGi0oYAsDJ9UqvA:0TdJTlDmNelrzuLFf0Qd03DLU
                                                                                                                                                                                          MD5:E17F1BA35CF28FA1DDA7B1EC29573E0E
                                                                                                                                                                                          SHA1:6EB63305E38BD75931E3325E0C3F58F7CB3F2AD0
                                                                                                                                                                                          SHA-256:D37CCB530F177F3E39C05B0CA0A70661B2541CCAF56818DAD4FCF336EEED3321
                                                                                                                                                                                          SHA-512:8E7AF8712592084178E3B93FE54E60AC32A774D151896AFEE937CDB3BB9F629F4B597F85AF9B56A1C14612121357FC0DDAA45E71D91B13C36E88292D3050A1B9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                          Entropy (8bit):4.620728904455609
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:5Z8MdJTCaDAH37Belrzu1x/r8qJ7pfJsPG6QgcfPPYdsDJ9UKvb:nTdJTlDmNelrzuLFf0Q5P3DLU
                                                                                                                                                                                          MD5:3369F9BB8B0EE93E5AD5B201956DC60F
                                                                                                                                                                                          SHA1:A5B75CBD6CE905A179E49888E798CD6AE9E9194D
                                                                                                                                                                                          SHA-256:5940E97E687A854E446DC859284A90C64CF6D87912C37172B8823A8C3A7B73DF
                                                                                                                                                                                          SHA-512:C4E71D683BE64A8E6AB533FA4C1C3040B96D0BE812EA74C99D2D2B5D52470C24B45D55366A7ACB9D8CDA759A618CBAF0D0A7ECFEF4C0954DF89FDB768D9893E2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):98736
                                                                                                                                                                                          Entropy (8bit):6.474996871326343
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:BxhUQePlHhR46rXHHGI+mAAD4AeDuXMycecb8i10DWZz:Bvk4wHH+mZD4ADAecb8G1
                                                                                                                                                                                          MD5:F12681A472B9DD04A812E16096514974
                                                                                                                                                                                          SHA1:6FD102EB3E0B0E6EEF08118D71F28702D1A9067C
                                                                                                                                                                                          SHA-256:D66C3B47091CEB3F8D3CC165A43D285AE919211A0C0FCB74491EE574D8D464F8
                                                                                                                                                                                          SHA-512:7D3ACCBF84DE73FB0C5C0DE812A9ED600D39CD7ED0F99527CA86A57CE63F48765A370E913E3A46FFC2CCD48EE07D823DAFDD157710EEF9E7CC1EB7505DC323A2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):64424
                                                                                                                                                                                          Entropy (8bit):6.124000794465739
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:r/p7Wh7XUagO7BR4SjavFHx8pIS5nWQ7Sy7o:r/tWhzUahBR4Sjahx8pIS5n5Fo
                                                                                                                                                                                          MD5:6EB3C9FC8C216CEA8981B12FD41FBDCD
                                                                                                                                                                                          SHA1:5F3787051F20514BB9E34F9D537D78C06E7A43E6
                                                                                                                                                                                          SHA-256:3B0661EF2264D6566368B677C732BA062AC4688EF40C22476992A0F9536B0010
                                                                                                                                                                                          SHA-512:2027707824D0948673443DD54B4F45BC44680C05C3C4A193C7C1803A1030124AD6C8FBE685CC7AAF15668D90C4CD9BFB93DE51EA8DB4AF5ABE742C1EF2DCD08B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):83368
                                                                                                                                                                                          Entropy (8bit):6.530099411242372
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:asRz7qNFcaO6ViD4fhaLRFc/a8kd7jzWHCxIStVs7Sywk:9RzGYYhaY9kd7jzWixIStVs+k
                                                                                                                                                                                          MD5:A4B636201605067B676CC43784AE5570
                                                                                                                                                                                          SHA1:E9F49D0FC75F25743D04CE23C496EB5F89E72A9A
                                                                                                                                                                                          SHA-256:F178E29921C04FB68CC08B1E5D1181E5DF8CE1DE38A968778E27990F4A69973C
                                                                                                                                                                                          SHA-512:02096BC36C7A9ECFA1712FE738B5EF8B78C6964E0E363136166657C153727B870A6A44C1E1EC9B81289D1AA0AF9C85F1A37B95B667103EDC2D3916280B6A9488
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):178176
                                                                                                                                                                                          Entropy (8bit):6.160618368535074
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:a28mc0wlApJaPh2dEVWkS0EDejc2zSTBcS7EkSTLkKDtJbtb:axTlApohBV1S0usWchkSTLLDDt
                                                                                                                                                                                          MD5:2BAAA98B744915339AE6C016B17C3763
                                                                                                                                                                                          SHA1:483C11673B73698F20CA2FF0748628C789B4DC68
                                                                                                                                                                                          SHA-256:4F1CE205C2BE986C9D38B951B6BCB6045EB363E06DACC069A41941F80BE9068C
                                                                                                                                                                                          SHA-512:2AE8DF6E764C0813A4C9F7AC5A08E045B44DAAC551E8FF5F8AA83286BE96AA0714D373B8D58E6D3AA4B821786A919505B74F118013D9FCD1EBC5A9E4876C2B5F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):122792
                                                                                                                                                                                          Entropy (8bit):6.021506515932983
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:bsQx9bm+edYe3ehG+20t7MqfrSW08UficVISQPkFPR:QQxCOhGB0tgqfrSiUficrZ
                                                                                                                                                                                          MD5:87596DB63925DBFE4D5F0F36394D7AB0
                                                                                                                                                                                          SHA1:AD1DD48BBC078FE0A2354C28CB33F92A7E64907E
                                                                                                                                                                                          SHA-256:92D7954D9099762D81C1AE2836C11B6BA58C1883FDE8EEEFE387CC93F2F6AFB4
                                                                                                                                                                                          SHA-512:E6D63E6FE1C3BD79F1E39CB09B6F56589F0EE80FD4F4638002FE026752BFA65457982ADBEF13150FA2F36E68771262D9378971023E07A75D710026ED37E83D7B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):250280
                                                                                                                                                                                          Entropy (8bit):6.547354352688139
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:TogRj7JKM8c7N6FiFUGMKa3xB6Dhj9qWMa3pLW1A64WsqC:tPJKa7N6FEa3x4NlbqC
                                                                                                                                                                                          MD5:10F7B96C666F332EC512EDADE873EECB
                                                                                                                                                                                          SHA1:4F511C030D4517552979105A8BB8CCCF3A56FCEA
                                                                                                                                                                                          SHA-256:6314C99A3EFA15307E7BDBE18C0B49BC841C734F42923A0B44AAB42ED7D4A62D
                                                                                                                                                                                          SHA-512:CFE5538E3BECBC3AA5540C627AF7BF13AD8F5C160B581A304D1510E0CB2876D49801DF76916DCDA6B7E0654CE145BB66D6E31BD6174524AE681D5F2B49088419
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):61864
                                                                                                                                                                                          Entropy (8bit):6.210920109899827
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:aSz5iGzcowlJF+aSe3kuKUZgL4dqDswE9+B1fpIS5IHYiSyvc9eEdB:npWlJF+aYupZbdqDOgB1fpIS5IH7Sy+V
                                                                                                                                                                                          MD5:49CE7A28E1C0EB65A9A583A6BA44FA3B
                                                                                                                                                                                          SHA1:DCFBEE380E7D6C88128A807F381A831B6A752F10
                                                                                                                                                                                          SHA-256:1BE5CFD06A782B2AE8E4629D9D035CBC487074E8F63B9773C85E317BE29C0430
                                                                                                                                                                                          SHA-512:CF1F96D6D61ECB2997BB541E9EDA7082EF4A445D3DD411CE6FD71B0DFE672F4DFADDF36AE0FB7D5F6D1345FBD90C19961A8F35328332CDAA232F322C0BF9A1F9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):158120
                                                                                                                                                                                          Entropy (8bit):6.838169661977938
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:MeORg8tdLRrHn5Xp4znfI9mNoY6JCvyPZxsyTxISe1KmDd:M/Rgo1L5wwYOY6MixJKR
                                                                                                                                                                                          MD5:B5FBC034AD7C70A2AD1EB34D08B36CF8
                                                                                                                                                                                          SHA1:4EFE3F21BE36095673D949CCEAC928E11522B29C
                                                                                                                                                                                          SHA-256:80A6EBE46F43FFA93BBDBFC83E67D6F44A44055DE1439B06E4DD2983CB243DF6
                                                                                                                                                                                          SHA-512:E7185DA748502B645030C96D3345D75814BA5FD95A997C2D1C923D981C44D5B90DB64FAF77DDBBDC805769AF1BEC37DAF0ECEE0930A248B67A1C2D92B59C250C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):33192
                                                                                                                                                                                          Entropy (8bit):6.3186201273933635
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:Y3I65wgJ5xeSZg2edRnJ8ZISRtczYiSyvZCeEdP:gIgJ5Uqg2edRJ8ZISRtcz7Sy0b
                                                                                                                                                                                          MD5:71AC323C9F6E8A174F1B308B8C036E88
                                                                                                                                                                                          SHA1:0521DF96B0D622544638C1903D32B1AFF1F186B0
                                                                                                                                                                                          SHA-256:BE8269C83666EAA342788E62085A3DB28F81512D2CFA6156BF137B13EBEBE9E0
                                                                                                                                                                                          SHA-512:014D73846F06E9608525A4B737B7FCCBE2123D0E8EB17301244B9C1829498328F7BC839CC45A1563CF066668EA6E0C4E3A5A0821AB05C999A97C20AA669E9EDA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48552
                                                                                                                                                                                          Entropy (8bit):6.319402195167259
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:9i4KJKYCKlBj7gKxwfZQ7ZlYXF1SVMHE4ftISstDYiSyvM+eEd2:hKJfBuAA1SVWBftISstD7Syti
                                                                                                                                                                                          MD5:7E6BD435C918E7C34336C7434404EEDF
                                                                                                                                                                                          SHA1:F3A749AD1D7513EC41066AB143F97FA4D07559E1
                                                                                                                                                                                          SHA-256:0606A0C5C4AB46C4A25DED5A2772E672016CAC574503681841800F9059AF21C4
                                                                                                                                                                                          SHA-512:C8BF4B1EC6C8FA09C299A8418EE38CDCCB04AFA3A3C2E6D92625DBC2DE41F81DD0DF200FD37FCC41909C2851AC5CA936AF632307115B9AC31EC020D9ED63F157
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1164800
                                                                                                                                                                                          Entropy (8bit):7.05748889255336
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:8RgySc2phTzucZzdcZ7fUoPTS4ObanoVen42fw5I:BySc2ptScvkosfcI
                                                                                                                                                                                          MD5:E4761848102A6902B8E38F3116A91A41
                                                                                                                                                                                          SHA1:C262973E26BD9D8549D4A9ABF4B7AE0CA4DB75F0
                                                                                                                                                                                          SHA-256:9D03619721C887413315BD674DAE694FBD70EF575EB0138F461A34E2DD98A5FD
                                                                                                                                                                                          SHA-512:A148640AA6F4B4EF3AE37922D8A11F4DEF9ECFD595438B9A36B1BE0810BFB36ABF0E01BEE0AA79712AF0D70CDDCE928C0DF5057C0418C4ED0D733C6193761E82
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):30632
                                                                                                                                                                                          Entropy (8bit):6.41055734058478
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:lez/Dt36r34krA4eVIS7UAYiSyvAEYeEdSiD:leDE34krA4eVIS7UA7Sy9YLD
                                                                                                                                                                                          MD5:23F4BECF6A1DF36AEE468BB0949AC2BC
                                                                                                                                                                                          SHA1:A0E027D79A281981F97343F2D0E7322B9FE9B441
                                                                                                                                                                                          SHA-256:09C5FAF270FD63BDE6C45CC53B05160262C7CA47D4C37825ED3E15D479DAEE66
                                                                                                                                                                                          SHA-512:3EE5B3B7583BE1408C0E1E1C885512445A7E47A69FF874508E8F0A00A66A40A0E828CE33E6F30DDC3AC518D69E4BB96C8B36011FB4EDEDF9A9630EF98A14893B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):77736
                                                                                                                                                                                          Entropy (8bit):6.247935524153974
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:C6DucXZAuj19/s+S+pjtk/DDTaVISQwn7SyML:C6DPXSuj19/sT+ppk/XWVISQwneL
                                                                                                                                                                                          MD5:E137DF498C120D6AC64EA1281BCAB600
                                                                                                                                                                                          SHA1:B515E09868E9023D43991A05C113B2B662183CFE
                                                                                                                                                                                          SHA-256:8046BF64E463D5AA38D13525891156131CF997C2E6CDF47527BC352F00F5C90A
                                                                                                                                                                                          SHA-512:CC2772D282B81873AA7C5CBA5939D232CCEB6BE0908B211EDB18C25A17CBDB5072F102C0D6B7BC9B6B2F1F787B56AB1BC9BE731BB9E98885C17E26A09C2BEB90
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):97704
                                                                                                                                                                                          Entropy (8bit):6.173518585387285
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:GzgMWYDOavuvwYXGqijQaIrlIaiP9NbTp9c4L7ZJkyDpIS5Qux7Syce:NFYqDPSQaIrlI/DbLc2tJkyDpIS5QuxZ
                                                                                                                                                                                          MD5:7F61EACBBBA2ECF6BF4ACF498FA52CE1
                                                                                                                                                                                          SHA1:3174913F971D031929C310B5E51872597D613606
                                                                                                                                                                                          SHA-256:85DE6D0B08B5CC1F2C3225C07338C76E1CAB43B4DE66619824F7B06CB2284C9E
                                                                                                                                                                                          SHA-512:A5F6F830C7A5FADC3349B42DB0F3DA1FDDB160D7E488EA175BF9BE4732A18E277D2978720C0E294107526561A7011FADAB992C555D93E77D4411528E7C4E695A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):159144
                                                                                                                                                                                          Entropy (8bit):6.002098953253968
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:UhIDGtzShE3z/JHPUE0uev5J2oE/wu3rE923+nuI5Piev9muxISt710Y:UhIqtzShE3zhvyue5EMnuaF9mu3
                                                                                                                                                                                          MD5:35F66AD429CD636BCAD858238C596828
                                                                                                                                                                                          SHA1:AD4534A266F77A9CDCE7B97818531CE20364CB65
                                                                                                                                                                                          SHA-256:58B772B53BFE898513C0EB264AE4FA47ED3D8F256BC8F70202356D20F9ECB6DC
                                                                                                                                                                                          SHA-512:1CCA8E6C3A21A8B05CC7518BD62C4E3F57937910F2A310E00F13F60F6A94728EF2004A2F4A3D133755139C3A45B252E6DB76987B6B78BC8269A21AD5890356AD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):4.922363545317259
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:i+LZ/rJjFTo6VB8rEn/sDWBPKLNmZRsYnGcyLtjNXG:ievLVL/sqBd+lFlG
                                                                                                                                                                                          MD5:5BDD23970D9AEBCA8838C0562336A1CF
                                                                                                                                                                                          SHA1:B256A34C95A5CB99DBC880F522266E59E71BB701
                                                                                                                                                                                          SHA-256:12434F2FE3EF83859DE5E74B0C51407770FFCD4A9219044532804B32E38308FD
                                                                                                                                                                                          SHA-512:15E29261C6676ABBACE771BAF248F06A2319CA721046F6788EE5E331C51A75CBE44B2A24F15EC32F0A371D525AA40E439BF0074E5D68D4657BF038114379E7B0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):831926
                                                                                                                                                                                          Entropy (8bit):5.70050323648214
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:PEHYKPY+WygVqFcIWUA4a2YCdbVwxDfpEn4jSRMNuc:PEHYMVg8La2JVwxDfpEn4GMNuc
                                                                                                                                                                                          MD5:5B401D1566B6FA639FD2AFF2A881EA1F
                                                                                                                                                                                          SHA1:4DF0849556EF7C82D39C7EA4C34A0188677A03AC
                                                                                                                                                                                          SHA-256:0DDFF00FEC783E3DDB1B425CE741A9E1564ACD57AE95EA5123BD642FB758DC2C
                                                                                                                                                                                          SHA-512:5F666BA89FD86847AA53AA7B51D135F820A348C1F722049B6CA2374EB1726A3255BA9B0CA7D3C8F7C1621EB3AE813ABDA20DC3F8BE33C3E47A38240721412B13
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):299427
                                                                                                                                                                                          Entropy (8bit):6.047872935262006
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                          MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                          SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                          SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                          SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):4.82516630102953
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:700fK74ACb0xx2uKynu10YLsgxwJiUNiL0U5IZsJFPGDtCFOCQAASmHcX6g8H4ao:QFCk2z1/t12iwU5usJFqCyVcqgg
                                                                                                                                                                                          MD5:F4F7F634791F26FC62973350D5F89D9A
                                                                                                                                                                                          SHA1:6BE643BD21C74ED055B5A1B939B1F64B055D4673
                                                                                                                                                                                          SHA-256:45A043C4B7C6556F2ACFC827F2FF379365088C3479E8EE80C7F0A2CEB858DCC6
                                                                                                                                                                                          SHA-512:4325807865A76427D05039A2922F853287D420BCEBDA81F63A95BF58502E7DA0489060C4B6F6FFD65AA294E1E1C1F64560ADD5F024355922103C88B2CF1FD79B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):122368
                                                                                                                                                                                          Entropy (8bit):5.903697891709302
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:5ewkbk74PoxchHGTm/SCtg5MbfFPjPNoSLn2dkp2A/2pQKP:5endPox6HGTOLtg6bfFhDLkkCpQK
                                                                                                                                                                                          MD5:47EE4516407B6DE6593A4996C3AE35E0
                                                                                                                                                                                          SHA1:293224606B31E45B10FB67E997420844AE3FE904
                                                                                                                                                                                          SHA-256:F646C3B72B5E7C085A66B4844B5AD7A9A4511D61B2D74153479B32C7AE0B1A4C
                                                                                                                                                                                          SHA-512:EFA245C6DB2AEE2D9DB7F99E33339420E54F371A17AF0CF7694DAF51D45AEBFBAC91FC52DDB7C53E9FC73B43C67D8D0A2CAA15104318E392C8987A0DAD647B81
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11358
                                                                                                                                                                                          Entropy (8bit):4.4267168336581415
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                          MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                          SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                          SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                          SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4648
                                                                                                                                                                                          Entropy (8bit):5.006900644756252
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                          MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                          SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                          SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                          SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2518
                                                                                                                                                                                          Entropy (8bit):5.6307766747793275
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                          MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                          SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                          SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                          SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):91
                                                                                                                                                                                          Entropy (8bit):4.687870576189661
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                          MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                          SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                          SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                          SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):19
                                                                                                                                                                                          Entropy (8bit):3.536886723742169
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                          MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                          SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                          SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                          SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:importlib_metadata.
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1335
                                                                                                                                                                                          Entropy (8bit):4.226823573023539
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                          MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                          SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                          SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                          SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3439512
                                                                                                                                                                                          Entropy (8bit):6.096012359425593
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:98304:kw+jlHDGV+EafwAlViBksm1CPwDv3uFfJ1:1slHDG2fwAriXm1CPwDv3uFfJ1
                                                                                                                                                                                          MD5:AB01C808BED8164133E5279595437D3D
                                                                                                                                                                                          SHA1:0F512756A8DB22576EC2E20CF0CAFEC7786FB12B
                                                                                                                                                                                          SHA-256:9C0A0A11629CCED6A064932E95A0158EE936739D75A56338702FED97CB0BAD55
                                                                                                                                                                                          SHA-512:4043CDA02F6950ABDC47413CFD8A0BA5C462F16BCD4F339F9F5A690823F4D0916478CAB5CAE81A3D5B03A8A196E17A716B06AFEE3F92DEC3102E3BBC674774F2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):32792
                                                                                                                                                                                          Entropy (8bit):6.3566777719925565
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:2nypDwZH1XYEMXvdQOsNFYzsQDELCvURDa7qscTHstU0NsICwHLZxXYIoBneEAR8:2l0Vn5Q28J8qsqMttktDxOpWDG4yKRF
                                                                                                                                                                                          MD5:EEF7981412BE8EA459064D3090F4B3AA
                                                                                                                                                                                          SHA1:C60DA4830CE27AFC234B3C3014C583F7F0A5A925
                                                                                                                                                                                          SHA-256:F60DD9F2FCBD495674DFC1555EFFB710EB081FC7D4CAE5FA58C438AB50405081
                                                                                                                                                                                          SHA-512:DC9FF4202F74A13CA9949A123DFF4C0223DA969F49E9348FEAF93DA4470F7BE82CFA1D392566EAAA836D77DDE7193FED15A8395509F72A0E9F97C66C0A096016
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):698784
                                                                                                                                                                                          Entropy (8bit):5.533720236597082
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:waXWJ978LddzAPcWTWxYx2OCf2QmAr39Zu+DIpEpXKWRq0qwMUxQU2lvz:dddzAjKnD/QGXKzpwMUCU2lvz
                                                                                                                                                                                          MD5:DE72697933D7673279FB85FD48D1A4DD
                                                                                                                                                                                          SHA1:085FD4C6FB6D89FFCC9B2741947B74F0766FC383
                                                                                                                                                                                          SHA-256:ED1C8769F5096AFD000FC730A37B11177FCF90890345071AB7FBCEAC684D571F
                                                                                                                                                                                          SHA-512:0FD4678C65DA181D7C27B19056D5AB0E5DD0E9714E9606E524CDAD9E46EC4D0B35FE22D594282309F718B30E065F6896674D3EDCE6B3B0C8EB637A3680715C2C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):6065952
                                                                                                                                                                                          Entropy (8bit):6.6463891622960976
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:Z+Uw5pDgPAnxE5I0UEjmCfK+KvqvH+K26AnLzYJMKDBONlPElQPcukuSwIbFLOAB:wc1AnqGnEuoFLOAkGkzdnEVomFHKnPg
                                                                                                                                                                                          MD5:639DB7FE67E2E15D069A62C0EF4A971C
                                                                                                                                                                                          SHA1:BDBF2517678F9066C4553E6FDACE0A366929185C
                                                                                                                                                                                          SHA-256:760308CF8BEDAEBC4500049622D08DDCACA0024ACBD3B6BDCA1618EC48A91597
                                                                                                                                                                                          SHA-512:83CD3E89DDAC3915686BCEEC25654F0A35FE66A1C27D95BCFD3B44BDC01DED0DF9BEB525E0604522F61D58183546AF63FFDD60F90E5BFFD648774169832D2335
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):67072
                                                                                                                                                                                          Entropy (8bit):5.909456553599775
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:j3sHmR02IvVxv7WCyKm7c5Th4JBHTOvyyaZE:jnIvryCyKx5Th4J5OvyyO
                                                                                                                                                                                          MD5:49AC12A1F10AB93FAFAB064FD0523A63
                                                                                                                                                                                          SHA1:3AD6923AB0FB5D3DD9D22ED077DB15B42C2FBD4F
                                                                                                                                                                                          SHA-256:BA033B79E858DBFCBA6BF8FB5AFE10DEFD1CB03957DBBC68E8E62E4DE6DF492D
                                                                                                                                                                                          SHA-512:1BC0F50E0BB0A9D9DDDAD31390E5C73B0D11C2B0A8C5462065D477E93FF21F7EDC7AA2B2B36E478BE0A797A38F43E3FBEB6AAABEF0BADEC1D8D16EB73DF67255
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):198568
                                                                                                                                                                                          Entropy (8bit):6.360283939217406
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:rkPTemtXBsiLC/QOSL6XZIMuPbBV3Dy9zeL9ef93d1BVdOd8dVyio0OwUpz1RPoi:AKmVG/pxIMuPbBFEFDBwpp2W
                                                                                                                                                                                          MD5:6BC89EBC4014A8DB39E468F54AAAFA5E
                                                                                                                                                                                          SHA1:68D04E760365F18B20F50A78C60CCFDE52F7FCD8
                                                                                                                                                                                          SHA-256:DBE6E7BE3A7418811BD5987B0766D8D660190D867CD42F8ED79E70D868E8AA43
                                                                                                                                                                                          SHA-512:B7A6A383EB131DEB83EEE7CC134307F8545FB7D043130777A8A9A37311B64342E5A774898EDD73D80230AB871C4D0AA0B776187FA4EDEC0CCDE5B9486DBAA626
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):64936
                                                                                                                                                                                          Entropy (8bit):6.1037683983631625
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:kD8LeBLeeFtp5V1BfO2yvSk70QZF1nEyjnskQkr/RFB1qucwdBeCw0myou6ZwJqL:kDwewnvtjnsfwaVISQ0a7SydEnn
                                                                                                                                                                                          MD5:07BD9F1E651AD2409FD0B7D706BE6071
                                                                                                                                                                                          SHA1:DFEB2221527474A681D6D8B16A5C378847C59D33
                                                                                                                                                                                          SHA-256:5D78CD1365EA9AE4E95872576CFA4055342F1E80B06F3051CF91D564B6CD09F5
                                                                                                                                                                                          SHA-512:DEF31D2DF95CB7999CE1F55479B2FF7A3CB70E9FC4778FC50803F688448305454FBBF82B5A75032F182DFF663A6D91D303EF72E3D2CA9F2A1B032956EC1A0E2A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4493736
                                                                                                                                                                                          Entropy (8bit):6.465157771728023
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:5vL1txd/8sCmiAiPw+RxtLzli0Im3wOc+28Ivu31WfbF9PtF+FNDHaSclAaBlh7y:Dw7Ad07RmodacSeSHCMTbSp4PS
                                                                                                                                                                                          MD5:C80B5CB43E5FE7948C3562C1FFF1254E
                                                                                                                                                                                          SHA1:F73CB1FB9445C96ECD56B984A1822E502E71AB9D
                                                                                                                                                                                          SHA-256:058925E4BBFCB460A3C00EC824B8390583BAEF0C780A7C7FF01D43D9EEC45F20
                                                                                                                                                                                          SHA-512:FAA97A9D5D2A0BF78123F19F8657C24921B907268938C26F79E1DF6D667F7BEE564259A3A11022E8629996406CDA9FA00434BB2B1DE3E10B9BDDC59708DBAD81
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):556544
                                                                                                                                                                                          Entropy (8bit):6.015390811366772
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:ANPciA4K8pFTtd5giF7kvRQi+mpdfxpxlL1:+PbBK8pFTtd5giFmvb
                                                                                                                                                                                          MD5:B7ACFAD9F0F36E7CF8BFB0DD58360FFE
                                                                                                                                                                                          SHA1:8FA816D403F126F3326CB6C73B83032BB0590107
                                                                                                                                                                                          SHA-256:461328C988D4C53F84579FC0880C4A9382E14B0C8B830403100A2FA3DF0FD9A9
                                                                                                                                                                                          SHA-512:4FED8A9162A9A2EBC113EA44D461FB498F9F586730218D9C1CDDCD7C8C803CAD6DEA0F563B8D7533321ECB25F6153CA7C5777C314E7CB76D159E39E74C72D1B8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):142336
                                                                                                                                                                                          Entropy (8bit):5.9648110046839244
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:iuNj4Vsl6Cj2CYrrC04pFiYDQcaSWvTidrSsu5:iuxqs9j2CYrrC0Ki5caS2TidrSD
                                                                                                                                                                                          MD5:F200CA466BF3B8B56A272460E0EE4ABC
                                                                                                                                                                                          SHA1:CA18E04F143424B06E0DF8D00D995C2873AA268D
                                                                                                                                                                                          SHA-256:A6700CA2BEE84C1A051BA4B22C0CDE5A6A5D3E35D4764656CFDC64639C2F6B77
                                                                                                                                                                                          SHA-512:29BF2425B665AF9D2F9FD7795BF2AB012AA96FAED9A1A023C86AFA0D2036CC6014B48116940FAD93B7DE1E8F4F93EB709CC9319439D7609B79FD8B92669B377D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):29096
                                                                                                                                                                                          Entropy (8bit):6.4767692602677815
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:rPxHeWt+twhCBsHqF2BMXR6VIS7GuIYiSy1pCQkyw24i/8E9VFL2Ut8JU:ZeS+twhC6HqwmYVIS7GjYiSyv7VeEdH
                                                                                                                                                                                          MD5:ADC412384B7E1254D11E62E451DEF8E9
                                                                                                                                                                                          SHA1:04E6DFF4A65234406B9BC9D9F2DCFE8E30481829
                                                                                                                                                                                          SHA-256:68B80009AB656FFE811D680585FAC3D4F9C1B45F29D48C67EA2B3580EC4D86A1
                                                                                                                                                                                          SHA-512:F250F1236882668B2686BD42E1C334C60DA7ABEC3A208EBEBDEE84A74D7C4C6B1BC79EED7241BC7012E4EF70A6651A32AA00E32A83F402475B479633581E0B07
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1445800
                                                                                                                                                                                          Entropy (8bit):6.579172773828651
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24576:tU3g/eNVQHzcayG7b99ZSYR4eXj98nXMuVp+qbLKeq98srCIS:ck3hbEAp8X9Vp+2q2gI
                                                                                                                                                                                          MD5:926DC90BD9FAF4EFE1700564AA2A1700
                                                                                                                                                                                          SHA1:763E5AF4BE07444395C2AB11550C70EE59284E6D
                                                                                                                                                                                          SHA-256:50825EA8B431D86EC228D9FA6B643E2C70044C709F5D9471D779BE63FF18BCD0
                                                                                                                                                                                          SHA-512:A8703FF97243AA3BC877F71C0514B47677B48834A0F2FEE54E203C0889A79CE37C648243DBFE2EE9E1573B3CA4D49C334E9BFE62541653125861A5398E2FE556
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1121192
                                                                                                                                                                                          Entropy (8bit):5.384501252071814
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:bMYYMmuZ63NoQCb5Pfhnzr0ql8L8koM7IRG5eeme6VZyrIBHdQLhfFE+uz9O:AYYuXZV0m8wMMREtV6Vo4uYz9O
                                                                                                                                                                                          MD5:102BBBB1F33CE7C007AAC08FE0A1A97E
                                                                                                                                                                                          SHA1:9A8601BEA3E7D4C2FA6394611611CDA4FC76E219
                                                                                                                                                                                          SHA-256:2CF6C5DEA30BB0584991B2065C052C22D258B6E15384447DCEA193FDCAC5F758
                                                                                                                                                                                          SHA-512:A07731F314E73F7A9EA73576A89CCB8A0E55E53F9B5B82F53121B97B1814D905B17A2DA9BD2EDA9F9354FC3F15E3DEA7A613D7C9BC98C36BBA653743B24DFC32
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1107
                                                                                                                                                                                          Entropy (8bit):5.115074330424529
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                          MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                          SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                          SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                          SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2153
                                                                                                                                                                                          Entropy (8bit):5.088249746074878
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                          MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                          SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                          SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                          SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4557
                                                                                                                                                                                          Entropy (8bit):5.714200636114494
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                          MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                          SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                          SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                          SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                          Entropy (8bit):4.672346887071811
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                          MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                          SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                          SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                          SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):104
                                                                                                                                                                                          Entropy (8bit):4.271713330022269
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                          MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                          SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                          SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                          SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):134656
                                                                                                                                                                                          Entropy (8bit):5.84231912519238
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:UTqjiGbjKyRYDoe/hnLbAZ4l39KxN36w/Ii/MVjmzuQrEZ5nOmdZsQ/:DKyRCoe/joxNqw/v/MVjOu7VOI
                                                                                                                                                                                          MD5:EC7C48EA92D9FF0C32C6D87EE8358BD0
                                                                                                                                                                                          SHA1:A67A417FDB36C84871D0E61BFB1015CB30C9898A
                                                                                                                                                                                          SHA-256:A0F3CC0E98BEA5A598E0D4367272E4C65BF446F21932DC2A051546B098D6CE62
                                                                                                                                                                                          SHA-512:C06E3C0260B918509947A89518D55F0CB03CB19FC28D9E7ED9E3F837D71DF31154F0093929446A93A7C7DA1293FFD0CC69547E2540F15E3055FE1D12D837F935
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):22528
                                                                                                                                                                                          Entropy (8bit):5.158789189249445
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:6urA4fVFfFRGFV8fuL0G0T84Q9NNNIRV0KlnOjUgx908x8J:F7XsF9NNNIR2Eny908x8
                                                                                                                                                                                          MD5:E726734D5D2E42CF0861D24BCF741B09
                                                                                                                                                                                          SHA1:6AF8A994AD84259F7CF2A8F452B55AE44264BCC6
                                                                                                                                                                                          SHA-256:3592ABD55C972C9DFE2BAC104FBE3E1B4D1E392A3D29D7C5DB3745A624FA6FF4
                                                                                                                                                                                          SHA-512:2B60EDD06124C8F053D4573328697A9AF4D6EB077DCDBF833BA3E6DB574A7C32ABF1C72530C43CCBDE313A59066393DADAF2AAE8A7CC3FDB156ADD894D898542
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1427456
                                                                                                                                                                                          Entropy (8bit):5.324047632064682
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:gAEcgh+WcQNWxzi7HE699jXRZbkGX/VqtpkZAJRb8tUTfU2Bz:DEcvVGWQhHFNWBJ9H
                                                                                                                                                                                          MD5:9BF4110256A7B953AFA9D43A3E0944BB
                                                                                                                                                                                          SHA1:0D605B4D5FED9F7861C440B62BB02181E39EFA2B
                                                                                                                                                                                          SHA-256:484C51248076FB77A6FC5FB512A37BB404025568CDC8702D252DF2191DC720A4
                                                                                                                                                                                          SHA-512:07740EB7AE3B6D1091064AA2E550515D9AEC0C021B316E4BB9EFD21984322C7765F84A9110C1FCB59164B529FFB04C2B6D6611AB55C764D5D360B27F094A120C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text, with no line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):2.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:qn:qn
                                                                                                                                                                                          MD5:3F1D1D8D87177D3D8D897D7E421F84D6
                                                                                                                                                                                          SHA1:DD082D742A5CB751290F1DB2BD519C286AA86D95
                                                                                                                                                                                          SHA-256:F02285FB90ED8C81531FE78CF4E2ABB68A62BE73EE7D317623E2C3E3AEFDFFF2
                                                                                                                                                                                          SHA-512:2AE2B3936F31756332CA7A4B877D18F3FCC50E41E9472B5CD45A70BEA82E29A0FA956EE6A9EE0E02F23D9DB56B41D19CB51D88AAC06E9C923A820A21023752A9
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:blat
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):176
                                                                                                                                                                                          Entropy (8bit):4.713840781302666
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:S3yE25MOWrYXtHVE/DRFrgm5/gvJgXDLAUDA+ERo6+aEYqVS1f6gq1WGgVSBn:S3mSOWWHVUDjrgmxgRgzLXDA6Va8VeuR
                                                                                                                                                                                          MD5:8C7CA775CF482C6027B4A2D3DB0F6A31
                                                                                                                                                                                          SHA1:E3596A87DD6E81BA7CF43B0E8E80DA5BC823EA1A
                                                                                                                                                                                          SHA-256:52C72CF96B12AE74D84F6C049775DA045FAE47C007DC834CA4DAC607B6F518EA
                                                                                                                                                                                          SHA-512:19C7D229723249885B125121B3CC86E8C571360C1FB7F2AF92B251E6354A297B4C2B9A28E708F2394CA58C35B20987F8B65D9BD6543370F063BBD59DB4A186AC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:# Generated file - this directory may be deleted to reset the COM cache.....import win32com..if __path__[:-1] != win32com.__gen_path__: __path__.append(win32com.__gen_path__)..
                                                                                                                                                                                          Process:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          File Type:data
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10
                                                                                                                                                                                          Entropy (8bit):2.7219280948873625
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:qW6:qW6
                                                                                                                                                                                          MD5:2C7344F3031A5107275CE84AED227411
                                                                                                                                                                                          SHA1:68ACAD72A154CBE8B2D597655FF84FD31D57C43B
                                                                                                                                                                                          SHA-256:83CDA9FECC9C008B22C0C8E58CBCBFA577A3EF8EE9B2F983ED4A8659596D5C11
                                                                                                                                                                                          SHA-512:F58362C70A2017875D231831AE5868DF22D0017B00098A28AACB5753432E8C4267AA7CBF6C5680FEB2DC9B7ABADE5654C3651685167CC26AA208A9EB71528BB6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:..K....}..
                                                                                                                                                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Entropy (8bit):2.3256660439128454
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                          File name:file.exe
                                                                                                                                                                                          File size:73'234'407 bytes
                                                                                                                                                                                          MD5:3bdc36e2200bc628897c8793258ebc6e
                                                                                                                                                                                          SHA1:29d5df5a5edf6f320b21c4d68a87d5d1b8972326
                                                                                                                                                                                          SHA256:333eaf5f70f47462a5cf35bf52f636f64a2e9380565b87ca2243c9fdb4f8f91c
                                                                                                                                                                                          SHA512:1409cf9639041a0dd14390aa80a01ed35690576e993e45c5d6118873c7b387266853e29c08d1a99d357a3c4637374f37e1a8600f730a822222481ceaa8ec10c2
                                                                                                                                                                                          SSDEEP:393216:KSatY8L2Vmd6melh2pdc/e+7G99Yuv/v996g9mJJE:KSai8yVmdKQpdu2n1vyE
                                                                                                                                                                                          TLSH:FEF73340169006CAF7A685338877D527AB76F85A5F97CA4FC71C86200FB31E79D72BA0
                                                                                                                                                                                          Icon Hash:90cececece8e8eb0
                                                                                                                                                                                          Entrypoint:0x14000a8c8
                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                          Time Stamp:0x675C0A79 [Fri Dec 13 10:20:41 2024 UTC]
                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                          OS Version Major:5
                                                                                                                                                                                          OS Version Minor:2
                                                                                                                                                                                          File Version Major:5
                                                                                                                                                                                          File Version Minor:2
                                                                                                                                                                                          Subsystem Version Major:5
                                                                                                                                                                                          Subsystem Version Minor:2
                                                                                                                                                                                          Import Hash:c5640c7a22008f949f9bc94a27623f95
                                                                                                                                                                                          Instruction
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          sub esp, 28h
                                                                                                                                                                                          call 00007F499C7FDDECh
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          add esp, 28h
                                                                                                                                                                                          jmp 00007F499C7FD76Fh
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          inc eax
                                                                                                                                                                                          push ebx
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          sub esp, 20h
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov ebx, ecx
                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                          call dword ptr [0001A8D3h]
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov ecx, ebx
                                                                                                                                                                                          call dword ptr [0001A8C2h]
                                                                                                                                                                                          call dword ptr [0001A83Ch]
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov ecx, eax
                                                                                                                                                                                          mov edx, C0000409h
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          add esp, 20h
                                                                                                                                                                                          pop ebx
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          jmp dword ptr [0001A8B8h]
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov dword ptr [esp+08h], ecx
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          sub esp, 38h
                                                                                                                                                                                          mov ecx, 00000017h
                                                                                                                                                                                          call dword ptr [0001A8ACh]
                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                          je 00007F499C7FD8F9h
                                                                                                                                                                                          mov ecx, 00000002h
                                                                                                                                                                                          int 29h
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          lea ecx, dword ptr [0003B6DAh]
                                                                                                                                                                                          call 00007F499C7FDABEh
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov eax, dword ptr [esp+38h]
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov dword ptr [0003B7C1h], eax
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          lea eax, dword ptr [esp+38h]
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          add eax, 08h
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov dword ptr [0003B751h], eax
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov eax, dword ptr [0003B7AAh]
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov dword ptr [0003B61Bh], eax
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov eax, dword ptr [esp+40h]
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov dword ptr [0003B71Fh], eax
                                                                                                                                                                                          mov dword ptr [0003B5F5h], C0000409h
                                                                                                                                                                                          mov dword ptr [0003B5EFh], 00000001h
                                                                                                                                                                                          mov dword ptr [0003B5F9h], 00000001h

| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x35b18 | 0x78 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4b000 | 0x5fc | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x48000 | 0x1de8 | .pdata |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x4c000 | 0x748 | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x33920 | 0x1c | .rdata |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x33940 | 0x138 | .rdata |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x25000 | 0x3e8 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x235d0 | 0x23600 | 050ad070d74c0ab2baca6ee9c3b61b5d | False | 0.5690426236749117 | data | 6.471510843579973 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x25000 | 0x11898 | 0x11a00 | ba4c03578b22d21c7e8b61dd8179daf2 | False | 0.49566433953900707 | PGP symmetric key encrypted data - Plaintext or unencrypted data | 5.7117494596864 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x37000 | 0x10398 | 0xc00 | b88590ca230f956ba7b5bffcbee69475 | False | 0.138671875 | data | 1.8589891596226968 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .pdata | 0x48000 | 0x1de8 | 0x1e00 | 626ab1518bc3687e03dacd39bbfde649 | False | 0.4921875 | data | 5.392285019157171 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| _RDATA | 0x4a000 | 0xf4 | 0x200 | 3fa4bb815d2865eb13ca6b140ccf210f | False | 0.302734375 | data | 1.9616758456060694 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .rsrc | 0x4b000 | 0x5fc | 0x600 | 7b57a006751b4a58e7404db6abf96240 | False | 0.458984375 | data | 5.394762320788471 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x4c000 | 0x748 | 0x800 | ab10229e6319ea5b4dde9f2a80ec60f0 | False | 0.55322265625 | data | 5.222259043944798 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x4b058 | 0x5a2 | XML 1.0 document, ASCII text, with CRLF line terminators | | | 0.44937586685159503 |

| DLL | Import |
|---|---|
| USER32.dll | CreateWindowExW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW |
| COMCTL32.dll | |
| KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, FlushFileBuffers, GetCurrentDirectoryW, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, GetLastError, SetDllDirectoryW, GetModuleFileNameW, GetProcAddress, GetEnvironmentStringsW, GetEnvironmentVariableW, SetEnvironmentVariableW, ExpandEnvironmentStringsW, CreateDirectoryW, GetTempPathW, WaitForSingleObject, Sleep, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LoadLibraryExW, CloseHandle, GetCurrentProcess, LocalFree, FormatMessageW, MultiByteToWideChar, WideCharToMultiByte, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, GetCommandLineW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, RaiseException, GetCommandLineA, CreateFileW, GetDriveTypeW, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, GetFullPathNameW, RemoveDirectoryW, FindClose, FindFirstFileExW, FindNextFileW, SetStdHandle, SetConsoleCtrlHandler, DeleteFileW, ReadFile, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, CompareStringW, LCMapStringW |
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW |
| GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 13, 2024 12:14:05.620031118 CET | 49731 | 443 | 192.168.2.4 | 172.67.192.146 |
| Dec 13, 2024 12:14:05.620117903 CET | 443 | 49731 | 172.67.192.146 | 192.168.2.4 |
| Dec 13, 2024 12:14:05.620213032 CET | 49731 | 443 | 192.168.2.4 | 172.67.192.146 |
| Dec 13, 2024 12:14:05.621074915 CET | 49731 | 443 | 192.168.2.4 | 172.67.192.146 |
| Dec 13, 2024 12:14:05.621099949 CET | 443 | 49731 | 172.67.192.146 | 192.168.2.4 |
| Dec 13, 2024 12:14:06.855485916 CET | 443 | 49731 | 172.67.192.146 | 192.168.2.4 |
| Dec 13, 2024 12:14:06.856352091 CET | 49731 | 443 | 192.168.2.4 | 172.67.192.146 |
| Dec 13, 2024 12:14:06.856384039 CET | 443 | 49731 | 172.67.192.146 | 192.168.2.4 |
| Dec 13, 2024 12:14:06.858515024 CET | 443 | 49731 | 172.67.192.146 | 192.168.2.4 |
| Dec 13, 2024 12:14:06.858614922 CET | 49731 | 443 | 192.168.2.4 | 172.67.192.146 |
| Dec 13, 2024 12:14:06.859258890 CET | 49731 | 443 | 192.168.2.4 | 172.67.192.146 |
| Dec 13, 2024 12:14:06.859426022 CET | 49731 | 443 | 192.168.2.4 | 172.67.192.146 |

| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Dec 13, 2024 12:14:05.224145889 CET | 58651 | 53 | 192.168.2.4 | 1.1.1.1 |
| Dec 13, 2024 12:14:05.546197891 CET | 53 | 58651 | 1.1.1.1 | 192.168.2.4 |

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Dec 13, 2024 12:14:05.224145889 CET | 192.168.2.4 | 1.1.1.1 | 0xa44e | Standard query (0) | xxxs.mediafirex.site | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Dec 13, 2024 12:14:05.546197891 CET | 1.1.1.1 | 192.168.2.4 | 0xa44e | No error (0) | xxxs.mediafirex.site | | 172.67.192.146 | A (IP address) | IN (0x0001) | false |
| Dec 13, 2024 12:14:05.546197891 CET | 1.1.1.1 | 192.168.2.4 | 0xa44e | No error (0) | xxxs.mediafirex.site | | 104.21.36.105 | A (IP address) | IN (0x0001) | false |


                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                          Start time:06:13:57
                                                                                                                                                                                          Start date:13/12/2024
                                                                                                                                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                          Imagebase:0x7ff7227e0000
                                                                                                                                                                                          File size:73'234'407 bytes
                                                                                                                                                                                          MD5 hash:3BDC36E2200BC628897C8793258EBC6E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:1
                                                                                                                                                                                          Start time:06:14:00
                                                                                                                                                                                          Start date:13/12/2024
                                                                                                                                                                                          Path:C:\Users\user\Desktop\file.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                                                                                          Imagebase:0x7ff7227e0000
                                                                                                                                                                                          File size:73'234'407 bytes
                                                                                                                                                                                          MD5 hash:3BDC36E2200BC628897C8793258EBC6E
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                          Start time:06:14:02
                                                                                                                                                                                          Start date:13/12/2024
                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c "ver"
                                                                                                                                                                                          Imagebase:0x7ff624a90000
                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                          Start time:06:14:02
                                                                                                                                                                                          Start date:13/12/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff7699e0000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:12.3%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:13.4%
                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                            Total number of Limit Nodes:67
7ff7227e1b10 14384->14385 14876 7ff7227e24c0 14384->14876 14385->14301 14387 7ff7227e3a40 14385->14387 14388 7ff7227ea620 14387->14388 14389 7ff7227e3a4c GetModuleFileNameW 14388->14389 14390 7ff7227e3a92 14389->14390 14391 7ff7227e3a7b 14389->14391 14912 7ff7227e75a0 14390->14912 14392 7ff7227e2610 16 API calls 14391->14392 14395 7ff7227e3a8e 14392->14395 14397 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14395->14397 14396 7ff7227e2760 18 API calls 14396->14395 14398 7ff7227e3acf 14397->14398 14398->14234 14400 7ff7227e64ea 14399->14400 14401 7ff7227e7490 16 API calls 14400->14401 14402 7ff7227e650c GetEnvironmentVariableW 14401->14402 14403 7ff7227e6524 ExpandEnvironmentStringsW 14402->14403 14404 7ff7227e6576 14402->14404 14406 7ff7227e75a0 18 API calls 14403->14406 14405 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14404->14405 14407 7ff7227e6588 14405->14407 14408 7ff7227e654c 14406->14408 14407->14237 14408->14404 14409 7ff7227e6556 14408->14409 14923 7ff7227f4ba8 14409->14923 14412 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14413 7ff7227e656e 14412->14413 14413->14237 14415 7ff7227e7490 16 API calls 14414->14415 14416 7ff7227e6a97 SetEnvironmentVariableW 14415->14416 14417 7ff7227ef95c __vcrt_freefls 14 API calls 14416->14417 14418 7ff7227e35ea 14417->14418 14419 7ff7227e19c0 14418->14419 14420 7ff7227e19f0 14419->14420 14420->14420 14424 7ff7227e1a6a 14420->14424 14939 7ff7227e17a0 14420->14939 14423 7ff7227ec8c4 64 API calls 14423->14424 14424->14246 14424->14249 14426 7ff7227e74b1 MultiByteToWideChar 14425->14426 14427 7ff7227e7537 MultiByteToWideChar 14425->14427 14430 7ff7227e74d7 14426->14430 14433 7ff7227e74fc 14426->14433 14428 7ff7227e757f 14427->14428 14429 7ff7227e755a 14427->14429 14428->14256 14431 7ff7227e2610 14 API calls 14429->14431 14432 7ff7227e2610 14 API calls 14430->14432 14434 7ff7227e756d 14431->14434 14435 7ff7227e74ea 14432->14435 14433->14427 14436 7ff7227e7512 14433->14436 14434->14256 14435->14256 14437 7ff7227e2610 14 API calls 
14436->14437 14438 7ff7227e7525 14437->14438 14438->14256 14440 7ff7227e59e5 14439->14440 14441 7ff7227e3752 14440->14441 14442 7ff7227e24c0 40 API calls 14440->14442 14441->14266 14584 7ff7227e56b0 14441->14584 14442->14441 14449 7ff7227e2f43 14443->14449 14452 7ff7227e2f84 14443->14452 14444 7ff7227e2fc3 14446 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14444->14446 14445 7ff7227e1aa0 65 API calls 14445->14452 14447 7ff7227e2fd5 14446->14447 14447->14301 14453 7ff7227e6a10 14447->14453 14449->14452 14992 7ff7227e1440 14449->14992 15026 7ff7227e2980 14449->15026 15070 7ff7227e1770 14449->15070 14452->14444 14452->14445 14454 7ff7227e7490 16 API calls 14453->14454 14455 7ff7227e6a2f 14454->14455 14456 7ff7227e7490 16 API calls 14455->14456 14457 7ff7227e6a3f 14456->14457 14458 7ff7227f1d4c 31 API calls 14457->14458 14459 7ff7227e6a4d 14458->14459 14460 7ff7227ef95c __vcrt_freefls 14 API calls 14459->14460 14461 7ff7227e6a57 14460->14461 14462 7ff7227ef95c __vcrt_freefls 14 API calls 14461->14462 14463 7ff7227e389b 14462->14463 14463->14290 14465 7ff7227e6ad0 14464->14465 14466 7ff7227e7490 16 API calls 14465->14466 14467 7ff7227e6b01 14466->14467 15861 7ff7227f29dc 14467->15861 14470 7ff7227f29dc 16 API calls 14471 7ff7227e6b1a 14470->14471 14472 7ff7227f29dc 16 API calls 14471->14472 14473 7ff7227e6b24 14472->14473 14474 7ff7227f29dc 16 API calls 14473->14474 14527 7ff7227f59cc 14526->14527 14528 7ff7227f59d1 RtlFreeHeap 14527->14528 14529 7ff7227e35c9 14527->14529 14528->14529 14530 7ff7227f59ec 14528->14530 14529->14251 14531 7ff7227efc70 _get_daylight 13 API calls 14530->14531 14531->14529 14533 7ff7227e2780 memcpy_s 14532->14533 14534 7ff7227e7490 16 API calls 14533->14534 14535 7ff7227e27fa 14534->14535 14536 7ff7227e27ff 14535->14536 14537 7ff7227e2839 MessageBoxA 14535->14537 14538 7ff7227e7490 16 API calls 14536->14538 14539 7ff7227e2853 14537->14539 14541 7ff7227e2819 MessageBoxW 14538->14541 14540 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14539->14540 
14542 7ff7227e2863 14540->14542 14541->14539 14542->14301 14544 7ff7227ea5f9 14543->14544 14545 7ff7227e3650 14544->14545 14546 7ff7227ea910 IsProcessorFeaturePresent 14544->14546 14545->14319 14547 7ff7227ea928 14546->14547 15926 7ff7227eab04 RtlCaptureContext 14547->15926 14553 7ff7227e3b5c 14552->14553 14554 7ff7227e7490 16 API calls 14553->14554 14555 7ff7227e3b87 14554->14555 14556 7ff7227e7490 16 API calls 14555->14556 14557 7ff7227e3b9a 14556->14557 15931 7ff7227f0c88 14557->15931 14560 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14561 7ff7227e367c 14560->14561 14561->14267 14562 7ff7227e6cf0 14561->14562 14567 7ff7227e6d14 14562->14567 14563 7ff7227ef95c __vcrt_freefls 14 API calls 14564 7ff7227e36b2 14563->14564 14564->14246 14564->14276 14565 7ff7227e6deb 14565->14563 14566 7ff7227ecbe0 _fread_nolock 46 API calls 14566->14567 14567->14565 14567->14566 14569 7ff7227ec8db 14568->14569 14570 7ff7227ec8f9 14568->14570 14571 7ff7227efc70 _get_daylight 13 API calls 14569->14571 14572 7ff7227ec8eb 14570->14572 16372 7ff7227efba0 EnterCriticalSection 14570->16372 14573 7ff7227ec8e0 14571->14573 14572->14267 14575 7ff7227f5964 _invalid_parameter_noinfo 30 API calls 14573->14575 14575->14572 14581 7ff7227e3057 14580->14581 14582 7ff7227e3080 14580->14582 14581->14582 14583 7ff7227e1770 18 API calls 14581->14583 14582->14248 14583->14581 14585 7ff7227e56d4 14584->14585 14590 7ff7227e5701 14584->14590 14586 7ff7227e56fc 14585->14586 14587 7ff7227e376a 14585->14587 14588 7ff7227e1770 18 API calls 14585->14588 14585->14590 16373 7ff7227e12b0 14586->16373 14587->14266 14595 7ff7227e5260 14587->14595 14588->14585 14590->14587 14591 7ff7227e5837 14590->14591 14593 7ff7227e57d7 memcpy_s 14590->14593 14592 7ff7227e2760 18 API calls 14591->14592 14592->14587 14593->14587 14594 7ff7227ef95c __vcrt_freefls 14 API calls 14593->14594 14594->14587 14598 7ff7227e5273 memcpy_s 14595->14598 14597 7ff7227ef95c __vcrt_freefls 14 API calls 14599 7ff7227e5473 14597->14599 14602 
7ff7227e54ac 14598->14602 14604 7ff7227e1440 144 API calls 14598->14604 14605 7ff7227e5495 14598->14605 14607 7ff7227e53b6 14598->14607 16399 7ff7227e1650 14598->16399 14600 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14599->14600 14601 7ff7227e377b 14600->14601 14601->14282 14601->14283 14603 7ff7227e2760 18 API calls 14602->14603 14603->14607 14604->14598 14606 7ff7227e2760 18 API calls 14605->14606 14606->14607 14607->14597 16404 7ff7227e6ca0 14608->16404 14611 7ff7227e6ca0 31 API calls 14612 7ff7227e5215 14611->14612 14613 7ff7227e523a 14612->14613 14614 7ff7227e522d GetProcAddress 14612->14614 14615 7ff7227e2760 18 API calls 14613->14615 14618 7ff7227e5b0c GetProcAddress 14614->14618 14619 7ff7227e5ae9 14614->14619 14617 7ff7227e5246 14615->14617 14617->14288 14618->14619 14620 7ff7227e5b31 GetProcAddress 14618->14620 14622 7ff7227e2610 16 API calls 14619->14622 14620->14619 14621 7ff7227e5b56 GetProcAddress 14620->14621 14621->14619 14623 7ff7227e5b7e GetProcAddress 14621->14623 14624 7ff7227e5afc 14622->14624 14623->14619 14625 7ff7227e5ba6 GetProcAddress 14623->14625 14624->14288 14625->14619 14626 7ff7227e5bce GetProcAddress 14625->14626 14627 7ff7227e5bf6 GetProcAddress 14626->14627 14628 7ff7227e5bea 14626->14628 14629 7ff7227e5c12 14627->14629 14630 7ff7227e5c1e GetProcAddress 14627->14630 14628->14627 14629->14630 14631 7ff7227e5c46 GetProcAddress 14630->14631 14632 7ff7227e5c3a 14630->14632 14633 7ff7227e5c62 14631->14633 14634 7ff7227e5c6e GetProcAddress 14631->14634 14632->14631 14633->14634 14635 7ff7227e5c96 GetProcAddress 14634->14635 14636 7ff7227e5c8a 14634->14636 14637 7ff7227e5cb2 14635->14637 14638 7ff7227e5cbe GetProcAddress 14635->14638 14636->14635 14637->14638 14639 7ff7227e5ce6 GetProcAddress 14638->14639 14640 7ff7227e5cda 14638->14640 14641 7ff7227e5d02 14639->14641 14642 7ff7227e5d0e GetProcAddress 14639->14642 14640->14639 14641->14642 14677 7ff7227e587d 14676->14677 14678 7ff7227e2760 18 API calls 14677->14678 14681 7ff7227e379c 
14677->14681 14679 7ff7227e58c9 14678->14679 14680 7ff7227e54d0 FreeLibrary 14679->14680 14680->14681 14681->14272 16409 7ff7227e4770 14682->16409 14685 7ff7227e2ebd 14685->14293 14687 7ff7227e2e94 14687->14685 16457 7ff7227e4540 14687->16457 14689 7ff7227e2ea0 14689->14685 16468 7ff7227e4670 14689->16468 14691 7ff7227e2eac 14691->14685 14692 7ff7227e30f5 14691->14692 14693 7ff7227e30e0 14691->14693 14695 7ff7227e310e 14692->14695 14704 7ff7227e3123 14692->14704 14694 7ff7227e2760 18 API calls 14693->14694 14699 7ff7227e30ec 14694->14699 14696 7ff7227e2760 18 API calls 14695->14696 14696->14699 14697 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14698 7ff7227e3244 14697->14698 14698->14293 14699->14697 14700 7ff7227e12b0 105 API calls 14700->14704 14701 7ff7227e1770 18 API calls 14701->14704 14702 7ff7227e34ad 14703 7ff7227e2760 18 API calls 14702->14703 14703->14699 14704->14699 14704->14700 14704->14701 14704->14702 14705 7ff7227e348d 14704->14705 14707 7ff7227ef95c __vcrt_freefls 14 API calls 14704->14707 14708 7ff7227e3250 14704->14708 14706 7ff7227e2760 18 API calls 14705->14706 14706->14699 14707->14704 14709 7ff7227e32ac 14708->14709 14710 7ff7227f4ba8 30 API calls 14708->14710 14711 7ff7227e16d0 18 API calls 14709->14711 14710->14709 14712 7ff7227e32c7 14711->14712 14746 7ff7227ea620 14731->14746 14734 7ff7227e2659 14748 7ff7227e6fa0 14734->14748 14736 7ff7227e2690 memcpy_s 14737 7ff7227e7490 13 API calls 14736->14737 14738 7ff7227e26e5 14737->14738 14739 7ff7227e2724 MessageBoxA 14738->14739 14740 7ff7227e26ea 14738->14740 14742 7ff7227e273e 14739->14742 14741 7ff7227e7490 13 API calls 14740->14741 14743 7ff7227e2704 MessageBoxW 14741->14743 14744 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14742->14744 14743->14742 14745 7ff7227e274e 14744->14745 14745->14370 14747 7ff7227e262c GetLastError 14746->14747 14747->14734 14749 7ff7227e6fac 14748->14749 14750 7ff7227e6fcd FormatMessageW 14749->14750 14751 7ff7227e6fc7 GetLastError 14749->14751 14752 7ff7227e7000 
14750->14752 14753 7ff7227e701c WideCharToMultiByte 14750->14753 14751->14750 14756 7ff7227e2610 13 API calls 14752->14756 14754 7ff7227e7056 14753->14754 14755 7ff7227e7013 14753->14755 14757 7ff7227e2610 13 API calls 14754->14757 14758 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14755->14758 14756->14755 14757->14755 14759 7ff7227e7085 14758->14759 14759->14736 14773 7ff7227efba0 EnterCriticalSection 14760->14773 14774 7ff7227f8660 GetLastError 14767->14774 14769 7ff7227efc79 14770 7ff7227f5964 14769->14770 14856 7ff7227f58b4 14770->14856 14775 7ff7227f8682 14774->14775 14779 7ff7227f8687 14774->14779 14797 7ff7227f9998 14775->14797 14780 7ff7227f868f SetLastError 14779->14780 14801 7ff7227f99e0 14779->14801 14780->14769 14784 7ff7227f86db 14787 7ff7227f99e0 _get_daylight 6 API calls 14784->14787 14785 7ff7227f86cb 14786 7ff7227f99e0 _get_daylight 6 API calls 14785->14786 14788 7ff7227f86d2 14786->14788 14789 7ff7227f86e3 14787->14789 14813 7ff7227f59cc 14788->14813 14790 7ff7227f86f9 14789->14790 14791 7ff7227f86e7 14789->14791 14818 7ff7227f8294 14790->14818 14792 7ff7227f99e0 _get_daylight 6 API calls 14791->14792 14792->14788 14823 7ff7227f95c8 14797->14823 14802 7ff7227f95c8 try_get_function 5 API calls 14801->14802 14803 7ff7227f9a0e 14802->14803 14804 7ff7227f9a20 TlsSetValue 14803->14804 14805 7ff7227f86aa 14803->14805 14804->14805 14805->14780 14806 7ff7227f9550 14805->14806 14811 7ff7227f9561 _get_daylight 14806->14811 14807 7ff7227f95b2 14810 7ff7227efc70 _get_daylight 12 API calls 14807->14810 14808 7ff7227f9596 HeapAlloc 14809 7ff7227f86bd 14808->14809 14808->14811 14809->14784 14809->14785 14810->14809 14811->14807 14811->14808 14833 7ff7227fdc34 14811->14833 14814 7ff7227f59d1 RtlFreeHeap 14813->14814 14815 7ff7227f5a03 14813->14815 14814->14815 14816 7ff7227f59ec 14814->14816 14815->14780 14817 7ff7227efc70 _get_daylight 12 API calls 14816->14817 14817->14815 14842 7ff7227f816c 14818->14842 14824 7ff7227f9629 TlsGetValue 14823->14824 14831 
7ff7227f9624 try_get_function 14823->14831 14825 7ff7227f970c 14825->14824 14828 7ff7227f971a GetProcAddress 14825->14828 14826 7ff7227f9658 LoadLibraryExW 14827 7ff7227f9679 GetLastError 14826->14827 14826->14831 14827->14831 14829 7ff7227f972b 14828->14829 14829->14824 14830 7ff7227f96f1 FreeLibrary 14830->14831 14831->14824 14831->14825 14831->14826 14831->14830 14832 7ff7227f96b3 LoadLibraryExW 14831->14832 14832->14831 14836 7ff7227fdc64 14833->14836 14841 7ff7227faf44 EnterCriticalSection 14836->14841 14854 7ff7227faf44 EnterCriticalSection 14842->14854 14857 7ff7227f8660 _get_daylight 13 API calls 14856->14857 14858 7ff7227f58d9 14857->14858 14859 7ff7227e351b 14858->14859 14864 7ff7227f5984 IsProcessorFeaturePresent 14858->14864 14859->14383 14865 7ff7227f5997 14864->14865 14868 7ff7227f5750 14865->14868 14869 7ff7227f578a _wfindfirst32i64 memcpy_s 14868->14869 14870 7ff7227f57b2 RtlCaptureContext RtlLookupFunctionEntry 14869->14870 14871 7ff7227f5822 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 14870->14871 14872 7ff7227f57ec RtlVirtualUnwind 14870->14872 14873 7ff7227f5874 _wfindfirst32i64 14871->14873 14872->14871 14874 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14873->14874 14875 7ff7227f5893 GetCurrentProcess TerminateProcess 14874->14875 14877 7ff7227e24dc 14876->14877 14878 7ff7227efc70 _get_daylight 13 API calls 14877->14878 14879 7ff7227e2534 14878->14879 14891 7ff7227efc90 14879->14891 14881 7ff7227e253b memcpy_s 14882 7ff7227e7490 16 API calls 14881->14882 14883 7ff7227e2590 14882->14883 14884 7ff7227e2595 14883->14884 14885 7ff7227e25cf MessageBoxA 14883->14885 14886 7ff7227e7490 16 API calls 14884->14886 14887 7ff7227e25e9 14885->14887 14888 7ff7227e25af MessageBoxW 14886->14888 14889 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14887->14889 14888->14887 14890 7ff7227e25f9 14889->14890 14890->14385 14892 7ff7227f8660 _get_daylight 13 API calls 14891->14892 14893 7ff7227efca2 14892->14893 14894 7ff7227f9550 _get_daylight 13 
API calls 14893->14894 14897 7ff7227efcdd 14893->14897 14900 7ff7227efcaa 14893->14900 14895 7ff7227efcd2 14894->14895 14896 7ff7227f59cc __free_lconv_num 13 API calls 14895->14896 14896->14897 14897->14900 14903 7ff7227f9d00 14897->14903 14900->14881 14901 7ff7227f5984 _wfindfirst32i64 17 API calls 14902 7ff7227efd6b 14901->14902 14906 7ff7227f9d18 14903->14906 14904 7ff7227f9d1d 14905 7ff7227efc70 _get_daylight 13 API calls 14904->14905 14909 7ff7227efd49 14904->14909 14911 7ff7227f9d27 14905->14911 14906->14904 14908 7ff7227f9d62 14906->14908 14906->14909 14907 7ff7227f5964 _invalid_parameter_noinfo 30 API calls 14907->14909 14908->14909 14910 7ff7227efc70 _get_daylight 13 API calls 14908->14910 14909->14900 14909->14901 14910->14911 14911->14907 14913 7ff7227e75c4 WideCharToMultiByte 14912->14913 14914 7ff7227e7632 WideCharToMultiByte 14912->14914 14915 7ff7227e7605 14913->14915 14916 7ff7227e75ee 14913->14916 14917 7ff7227e3aa5 14914->14917 14918 7ff7227e765f 14914->14918 14915->14914 14921 7ff7227e761b 14915->14921 14920 7ff7227e2610 16 API calls 14916->14920 14917->14395 14917->14396 14919 7ff7227e2610 16 API calls 14918->14919 14919->14917 14920->14917 14922 7ff7227e2610 16 API calls 14921->14922 14922->14917 14924 7ff7227f4bbf 14923->14924 14927 7ff7227e655e 14923->14927 14924->14927 14930 7ff7227f4c48 14924->14930 14927->14412 14928 7ff7227f5984 _wfindfirst32i64 17 API calls 14929 7ff7227f4c1c 14928->14929 14931 7ff7227f4c55 14930->14931 14932 7ff7227f4c5f 14930->14932 14931->14932 14936 7ff7227f4c7a 14931->14936 14933 7ff7227efc70 _get_daylight 13 API calls 14932->14933 14938 7ff7227f4c66 14933->14938 14934 7ff7227f5964 _invalid_parameter_noinfo 30 API calls 14935 7ff7227f4bec 14934->14935 14935->14927 14935->14928 14936->14935 14937 7ff7227efc70 _get_daylight 13 API calls 14936->14937 14937->14938 14938->14934 14940 7ff7227e17c4 14939->14940 14941 7ff7227e17d4 14939->14941 14942 7ff7227e3b50 98 API calls 14940->14942 14943 7ff7227e6cf0 47 API calls 
14941->14943 14968 7ff7227e1832 14941->14968 14942->14941 14945 7ff7227e1805 14943->14945 14944 7ff7227ea5f0 _wfindfirst32i64 8 API calls 14946 7ff7227e19b0 14944->14946 14947 7ff7227e181f 14945->14947 14948 7ff7227e183c 14945->14948 14945->14968 14946->14423 14946->14424 14950 7ff7227e24c0 40 API calls 14947->14950 14969 7ff7227ecbe0 14948->14969 14950->14968 14951 7ff7227e1857 14952 7ff7227e24c0 40 API calls 14951->14952 14952->14968 14953 7ff7227e1851 14953->14951 14954 7ff7227e18d3 14953->14954 14955 7ff7227e18ee 14953->14955 14957 7ff7227e24c0 40 API calls 14954->14957 14956 7ff7227ecbe0 _fread_nolock 46 API calls 14955->14956 14958 7ff7227e1903 14956->14958 14957->14968 14958->14951 14959 7ff7227e1915 14958->14959 14972 7ff7227ec954 14959->14972 14962 7ff7227e192d 14963 7ff7227e2760 18 API calls 14962->14963 14963->14968 14964 7ff7227e1983 14965 7ff7227ec8c4 64 API calls 14964->14965 14964->14968 14965->14968 14966 7ff7227e1940 14966->14964 14967 7ff7227e2760 18 API calls 14966->14967 14967->14964 14968->14944 14978 7ff7227ecc00 14969->14978 14973 7ff7227e1929 14972->14973 14974 7ff7227ec95d 14972->14974 14973->14962 14973->14966 14975 7ff7227efc70 _get_daylight 13 API calls 14974->14975 14976 7ff7227ec962 14975->14976 14977 7ff7227f5964 _invalid_parameter_noinfo 30 API calls 14976->14977 14977->14973 14979 7ff7227ecc2a 14978->14979 14990 7ff7227ecbf8 14978->14990 14980 7ff7227ecc76 14979->14980 14981 7ff7227ecc39 memcpy_s 14979->14981 14979->14990 14991 7ff7227efba0 EnterCriticalSection 14980->14991 14984 7ff7227efc70 _get_daylight 13 API calls 14981->14984 14986 7ff7227ecc4e 14984->14986 14988 7ff7227f5964 _invalid_parameter_noinfo 30 API calls 14986->14988 14988->14990 14990->14953 15074 7ff7227e6270 14992->15074 14994 7ff7227e1454 14995 7ff7227e1459 14994->14995 15083 7ff7227e6590 14994->15083 14995->14449 14998 7ff7227e14a7 15001 7ff7227e14e0 14998->15001 15002 7ff7227e3b50 98 API calls 14998->15002 14999 7ff7227e1487 15000 7ff7227e24c0 40 API calls 
14999->15000 15020 7ff7227e149d 15000->15020 15005 7ff7227e1516 15001->15005 15006 7ff7227e14f6 15001->15006 15003 7ff7227e14bf 15002->15003 15003->15001 15004 7ff7227e14c7 15003->15004 15007 7ff7227e2760 18 API calls 15004->15007 15009 7ff7227e151c 15005->15009 15011 7ff7227e1534 15005->15011 15008 7ff7227e24c0 40 API calls 15006->15008 15018 7ff7227e14d6 15007->15018 15008->15018 15099 7ff7227e1050 15009->15099 15012 7ff7227e1556 15011->15012 15025 7ff7227e1575 15011->15025 15014 7ff7227e24c0 40 API calls 15012->15014 15013 7ff7227e1624 15017 7ff7227ec8c4 64 API calls 15013->15017 15014->15018 15015 7ff7227e15d3 15019 7ff7227ef95c __vcrt_freefls 14 API calls 15015->15019 15016 7ff7227ec8c4 64 API calls 15016->15013 15017->15020 15018->15013 15018->15016 15019->15018 15020->14449 15021 7ff7227ecbe0 _fread_nolock 46 API calls 15021->15025 15022 7ff7227e15d5 15024 7ff7227e24c0 40 API calls 15022->15024 15024->15015 15025->15015 15025->15021 15025->15022 15121 7ff7227ed108 15025->15121 15028 7ff7227e2996 15026->15028 15027 7ff7227e2db9 15028->15027 15607 7ff7227e2dd0 15028->15607 15031 7ff7227e2ad7 15033 7ff7227e6270 80 API calls 15031->15033 15032 7ff7227e2dd0 55 API calls 15034 7ff7227e2ad3 15032->15034 15035 7ff7227e2adf 15033->15035 15034->15031 15036 7ff7227e2b45 15034->15036 15041 7ff7227e2afc 15035->15041 15613 7ff7227e6150 15035->15613 15037 7ff7227e2dd0 55 API calls 15036->15037 15040 7ff7227e2b6e 15037->15040 15039 7ff7227e2760 18 API calls 15043 7ff7227e2b16 15039->15043 15042 7ff7227e2bc8 15040->15042 15045 7ff7227e2dd0 55 API calls 15040->15045 15041->15039 15041->15043 15042->15041 15044 7ff7227e6270 80 API calls 15042->15044 15047 7ff7227ea5f0 _wfindfirst32i64 8 API calls 15043->15047 15046 7ff7227e2bd8 15044->15046 15048 7ff7227e2b9b 15045->15048 15046->15041 15051 7ff7227e1ae0 40 API calls 15046->15051 15052 7ff7227e2cf6 15046->15052 15049 7ff7227e2b3a 15047->15049 15048->15042 15050 7ff7227e2dd0 55 API calls 15048->15050 15049->14449 15050->15042 
15057 7ff7227e2c2f 15051->15057 15052->15041 15061 7ff7227e2d0e 15052->15061 15053 7ff7227e2d92 15054 7ff7227e2760 18 API calls 15053->15054 15055 7ff7227e2cf1 15054->15055 15056 7ff7227e1aa0 65 API calls 15055->15056 15056->15041 15057->15041 15057->15053 15060 7ff7227e2cbc 15057->15060 15058 7ff7227e1440 144 API calls 15058->15061 15059 7ff7227e1770 18 API calls 15059->15061 15062 7ff7227e17a0 103 API calls 15060->15062 15061->15043 15061->15058 15061->15059 15063 7ff7227e2d74 15061->15063 15064 7ff7227e2cd3 15062->15064 15065 7ff7227e2760 18 API calls 15063->15065 15064->15061 15066 7ff7227e2cd7 15064->15066 15067 7ff7227e2d85 15065->15067 15068 7ff7227e24c0 40 API calls 15066->15068 15069 7ff7227e1aa0 65 API calls 15067->15069 15068->15055 15069->15043 15071 7ff7227e1785 15070->15071 15073 7ff7227e1791 15070->15073 15072 7ff7227e2760 18 API calls 15071->15072 15072->15073 15073->14449 15075 7ff7227e6282 15074->15075 15080 7ff7227e62b8 15074->15080 15130 7ff7227e16d0 15075->15130 15080->14994 15081 7ff7227e2760 18 API calls 15082 7ff7227e62ad 15081->15082 15082->14994 15087 7ff7227e65a0 15083->15087 15084 7ff7227e6759 15085 7ff7227ea5f0 _wfindfirst32i64 8 API calls 15084->15085 15086 7ff7227e147f 15085->15086 15086->14998 15086->14999 15087->15084 15495 7ff7227f0898 15087->15495 15089 7ff7227e6709 15090 7ff7227e7490 16 API calls 15089->15090 15092 7ff7227e6721 15090->15092 15091 7ff7227e6748 15094 7ff7227e3b50 98 API calls 15091->15094 15092->15091 15504 7ff7227e2870 15092->15504 15094->15084 15095 7ff7227e662d 15095->15084 15095->15089 15096 7ff7227f0898 37 API calls 15095->15096 15097 7ff7227e7490 16 API calls 15095->15097 15098 7ff7227e7300 32 API calls 15095->15098 15096->15095 15097->15095 15098->15095 15100 7ff7227e10a6 15099->15100 15101 7ff7227e10d3 15100->15101 15102 7ff7227e10ad 15100->15102 15105 7ff7227e10ed 15101->15105 15106 7ff7227e1109 15101->15106 15103 7ff7227e2760 18 API calls 15102->15103 15104 7ff7227e10c0 15103->15104 15104->15018 15107 
7ff7227e24c0 40 API calls 15105->15107 15108 7ff7227e111b 15106->15108 15119 7ff7227e1137 memcpy_s 15106->15119 15111 7ff7227e1104 15107->15111 15109 7ff7227e24c0 40 API calls 15108->15109 15109->15111 15110 7ff7227ecbe0 _fread_nolock 46 API calls 15110->15119 15112 7ff7227ef95c __vcrt_freefls 14 API calls 15111->15112 15113 7ff7227e127e 15112->15113 15114 7ff7227ef95c __vcrt_freefls 14 API calls 15113->15114 15115 7ff7227e1286 15114->15115 15115->15018 15116 7ff7227e11fe 15117 7ff7227e2760 18 API calls 15116->15117 15117->15111 15118 7ff7227ed108 64 API calls 15118->15119 15119->15110 15119->15111 15119->15116 15119->15118 15120 7ff7227ec954 30 API calls 15119->15120 15120->15119 15122 7ff7227ed142 15121->15122 15123 7ff7227ed128 15121->15123 15122->15025 15123->15122 15124 7ff7227ed132 15123->15124 15125 7ff7227ed14a 15123->15125 15127 7ff7227efc70 _get_daylight 13 API calls 15124->15127 15599 7ff7227eceb8 15125->15599 15128 7ff7227ed137 15127->15128 15129 7ff7227f5964 _invalid_parameter_noinfo 30 API calls 15128->15129 15129->15122 15131 7ff7227e16f5 15130->15131 15132 7ff7227e1732 15131->15132 15133 7ff7227e2760 18 API calls 15131->15133 15134 7ff7227e62d0 15132->15134 15133->15132 15135 7ff7227e62e8 15134->15135 15136 7ff7227e635b 15135->15136 15137 7ff7227e6308 15135->15137 15138 7ff7227e6360 GetTempPathW 15136->15138 15139 7ff7227e64e0 42 API calls 15137->15139 15153 7ff7227e6375 15138->15153 15140 7ff7227e6314 15139->15140 15211 7ff7227e5fd0 15140->15211 15145 7ff7227ea5f0 _wfindfirst32i64 8 API calls 15148 7ff7227e629d 15145->15148 15147 7ff7227ef95c __vcrt_freefls 14 API calls 15149 7ff7227e6344 15147->15149 15148->15080 15148->15081 15149->15138 15152 7ff7227e6436 15157 7ff7227e75a0 18 API calls 15152->15157 15153->15152 15155 7ff7227ef95c __vcrt_freefls 14 API calls 15153->15155 15159 7ff7227e63c1 15153->15159 15190 7ff7227f2f7c 15153->15190 15193 7ff7227e7300 15153->15193 15155->15153 15158 7ff7227e6447 15157->15158 15160 7ff7227ef95c __vcrt_freefls 14 
API calls 15158->15160 15162 7ff7227e7490 16 API calls 15159->15162 15163 7ff7227e6412 15159->15163 15161 7ff7227e644f 15160->15161 15161->15163 15165 7ff7227e7490 16 API calls 15161->15165 15164 7ff7227e63d7 15162->15164 15163->15145 15166 7ff7227e63dc 15164->15166 15167 7ff7227e6419 SetEnvironmentVariableW 15164->15167 15168 7ff7227e6465 15165->15168 15170 7ff7227e7490 16 API calls 15166->15170 15169 7ff7227ef95c __vcrt_freefls 14 API calls 15167->15169 15171 7ff7227e649d SetEnvironmentVariableW 15168->15171 15172 7ff7227e646a 15168->15172 15169->15163 15174 7ff7227e63ec 15170->15174 15173 7ff7227e6498 15171->15173 15175 7ff7227e7490 16 API calls 15172->15175 15177 7ff7227ef95c __vcrt_freefls 14 API calls 15173->15177 15178 7ff7227f1d4c 31 API calls 15174->15178 15176 7ff7227e647a 15175->15176 15179 7ff7227f1d4c 31 API calls 15176->15179 15177->15163 15180 7ff7227e63fa 15178->15180 15181 7ff7227e6488 15179->15181 15182 7ff7227ef95c __vcrt_freefls 14 API calls 15180->15182 15183 7ff7227ef95c __vcrt_freefls 14 API calls 15181->15183 15184 7ff7227e6402 15182->15184 15185 7ff7227e6490 15183->15185 15186 7ff7227ef95c __vcrt_freefls 14 API calls 15184->15186 15188 7ff7227ef95c __vcrt_freefls 14 API calls 15185->15188 15187 7ff7227e640a 15186->15187 15189 7ff7227ef95c __vcrt_freefls 14 API calls 15187->15189 15188->15173 15189->15163 15246 7ff7227f2be0 15190->15246 15194 7ff7227ea620 15193->15194 15195 7ff7227e7310 GetCurrentProcess OpenProcessToken 15194->15195 15196 7ff7227e73d1 15195->15196 15197 7ff7227e735b GetTokenInformation 15195->15197 15199 7ff7227ef95c __vcrt_freefls 14 API calls 15196->15199 15198 7ff7227e737d GetLastError 15197->15198 15201 7ff7227e7388 15197->15201 15198->15196 15198->15201 15200 7ff7227e73d9 15199->15200 15202 7ff7227e73e4 CloseHandle 15200->15202 15203 7ff7227e73ea 15200->15203 15201->15196 15204 7ff7227e739e GetTokenInformation 15201->15204 15202->15203 15206 7ff7227e7413 LocalFree ConvertStringSecurityDescriptorToSecurityDescriptorW 
15203->15206 15204->15196 15205 7ff7227e73c4 ConvertSidToStringSidW 15204->15205 15205->15196 15207 7ff7227e7446 CreateDirectoryW 15206->15207 15208 7ff7227e7458 15206->15208 15207->15208 15209 7ff7227ea5f0 _wfindfirst32i64 8 API calls 15208->15209 15210 7ff7227e7471 15209->15210 15210->15153 15212 7ff7227e5fdc 15211->15212 15213 7ff7227e7490 16 API calls 15212->15213 15214 7ff7227e5ffe 15213->15214 15215 7ff7227e6006 15214->15215 15216 7ff7227e6019 ExpandEnvironmentStringsW 15214->15216 15217 7ff7227e2760 18 API calls 15215->15217 15218 7ff7227ef95c __vcrt_freefls 14 API calls 15216->15218 15225 7ff7227e6012 15217->15225 15219 7ff7227e603f 15218->15219 15220 7ff7227e6043 15219->15220 15221 7ff7227e6056 15219->15221 15223 7ff7227e2760 18 API calls 15220->15223 15226 7ff7227e6064 15221->15226 15227 7ff7227e6070 15221->15227 15222 7ff7227ea5f0 _wfindfirst32i64 8 API calls 15224 7ff7227e6138 15222->15224 15223->15225 15224->15163 15236 7ff7227f1d4c 15224->15236 15225->15222 15370 7ff7227f15d4 15226->15370 15377 7ff7227f0b08 15227->15377 15230 7ff7227e606e 15231 7ff7227e608a 15230->15231 15234 7ff7227e609d memcpy_s 15230->15234 15232 7ff7227e2760 18 API calls 15231->15232 15232->15225 15233 7ff7227e6112 CreateDirectoryW 15233->15225 15234->15233 15235 7ff7227e60ec CreateDirectoryW 15234->15235 15235->15234 15237 7ff7227f1d6c 15236->15237 15238 7ff7227f1d59 15236->15238 15487 7ff7227f19c8 15237->15487 15239 7ff7227efc70 _get_daylight 13 API calls 15238->15239 15241 7ff7227f1d5e 15239->15241 15243 7ff7227f5964 _invalid_parameter_noinfo 30 API calls 15241->15243 15245 7ff7227e633a 15243->15245 15245->15147 15289 7ff7227fbd40 15246->15289 15339 7ff7227fbabc 15289->15339 15360 7ff7227faf44 EnterCriticalSection 15339->15360 15371 7ff7227f15f2 15370->15371 15374 7ff7227f1625 15370->15374 15371->15374 15391 7ff7227fb0d4 15371->15391 15374->15230 15375 7ff7227f5984 _wfindfirst32i64 17 API calls 15376 7ff7227f1655 15375->15376 15378 7ff7227f0b90 15377->15378 15379 7ff7227f0b27 

Control-flow Graph
Memory Dump Source
• Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
Similarity
• API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
• String ID: Eastern Standard Time$Eastern Summer Time
• API String ID: 435049134-239921721
• Opcode ID: 58cdc8587cf83bd56faf21a3990621100b965ba913e33c42328a1e7fc78fe5cb
• Instruction ID: ffdc0998051574307bd460fa5dc29e7a495e4a7171fa9a6b2595296e6a6b12dd
• Opcode Fuzzy Hash: 58cdc8587cf83bd56faf21a3990621100b965ba913e33c42328a1e7fc78fe5cb
                                                                                                                                                                                            • Instruction Fuzzy Hash: DAB1AD22A0C64286FB20FF22DC415B9A7A1FB89794F844135EE4D47796DFBCE551CB20

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTempPathW.KERNEL32(?,00000000,?,00007FF7227E629D), ref: 00007FF7227E636A
                                                                                                                                                                                              • Part of subcall function 00007FF7227E64E0: GetEnvironmentVariableW.KERNEL32(00007FF7227E3589), ref: 00007FF7227E651A
                                                                                                                                                                                              • Part of subcall function 00007FF7227E64E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7227E6537
                                                                                                                                                                                              • Part of subcall function 00007FF7227F1D4C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7227F1D65
                                                                                                                                                                                            • SetEnvironmentVariableW.KERNEL32(?,TokenIntegrityLevel), ref: 00007FF7227E6421
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2760: MessageBoxW.USER32 ref: 00007FF7227E2831
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Environment$Variable$ExpandMessagePathStringsTemp_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: LOADER: Failed to set the TMP environment variable.$TMP$TMP$_MEI%d
                                                                                                                                                                                            • API String ID: 3752271684-1116378104
                                                                                                                                                                                            • Opcode ID: ecec62baef99eba00c83ca9975c9f6d413ae2d7db85a3e803ba863a42bf3c2e2
                                                                                                                                                                                            • Instruction ID: 7a3890320e5acaeca1c6ded26c5f61b498bb495cd7eb6213ffd7031f9e78d01f
                                                                                                                                                                                            • Opcode Fuzzy Hash: ecec62baef99eba00c83ca9975c9f6d413ae2d7db85a3e803ba863a42bf3c2e2
                                                                                                                                                                                            • Instruction Fuzzy Hash: B5513A11B1D68361FA55B622AD252B99291DF5FBC0FC44031EE4E87B9BEDBCE501CA30

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo$FreeHeapInformationTimeZone
                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                            • API String ID: 428190724-239921721
                                                                                                                                                                                            • Opcode ID: 55e869582554ddb5549c8990e86a244669a00d33a611132a5f4e4556225478bd
                                                                                                                                                                                            • Instruction ID: 5f4b133ac642ed6b8cc0f5e891e7a8df583f4637c83758ea77d90bce6f2296a3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 55e869582554ddb5549c8990e86a244669a00d33a611132a5f4e4556225478bd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 20613932A1C68286F720EF22DD815A9A7A0FB49784FC45135EA4D43796DFBCE510CF60
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 25ffa3ad9a6848d6b15a33b5fbcc7b2dc7f8eca4e988235b3d8984f97c270caa
                                                                                                                                                                                            • Instruction ID: 43be7ef4a3346a0986e91d0e75a076bd44feade34cc553f16fe6b38145f2d699
                                                                                                                                                                                            • Opcode Fuzzy Hash: 25ffa3ad9a6848d6b15a33b5fbcc7b2dc7f8eca4e988235b3d8984f97c270caa
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5202AD21A0D69741FA25BF219D01279A690EF0EBA0F845635DF6D573D1DEBCE811CB30

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2153230061-4158440160
                                                                                                                                                                                            • Opcode ID: 320f3964a2904e40c61c5f8f551b81845132cf9ff697b3714dfa5a7d511f77b3
                                                                                                                                                                                            • Instruction ID: a433bb2e6a1600b95e39af4b82677d793411922ce27f62d3cf863b668e401218
                                                                                                                                                                                            • Opcode Fuzzy Hash: 320f3964a2904e40c61c5f8f551b81845132cf9ff697b3714dfa5a7d511f77b3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C517E71A0D68296FB18EF24D851178A3A0FB49B58B908135DA1D873A5DFBCE944CB70

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Token$ConvertDescriptorInformationProcessSecurityString$CloseCreateCurrentDirectoryErrorFreeHandleLastLocalOpen
                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$S-1-3-4

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                            • String ID:

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF7227E3A40: GetModuleFileNameW.KERNEL32(?,00007FF7227E353B), ref: 00007FF7227E3A71
                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32 ref: 00007FF7227E3747
                                                                                                                                                                                              • Part of subcall function 00007FF7227E64E0: GetEnvironmentVariableW.KERNEL32(00007FF7227E3589), ref: 00007FF7227E651A
                                                                                                                                                                                              • Part of subcall function 00007FF7227E64E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7227E6537
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                            • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                            • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF7227E7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7227E74CA
                                                                                                                                                                                              • Part of subcall function 00007FF7227F29DC: SetConsoleCtrlHandler.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7227F4CC0), ref: 00007FF7227F2A49
                                                                                                                                                                                              • Part of subcall function 00007FF7227F29DC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00007FF7227F4CC0), ref: 00007FF7227F2A64
                                                                                                                                                                                            • GetStartupInfoW.KERNEL32 ref: 00007FF7227E6B47
                                                                                                                                                                                              • Part of subcall function 00007FF7227F4C20: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7227F4C34
                                                                                                                                                                                              • Part of subcall function 00007FF7227F2590: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7227F25F7
                                                                                                                                                                                            • GetCommandLineW.KERNEL32 ref: 00007FF7227E6BCF
                                                                                                                                                                                            • CreateProcessW.KERNELBASE ref: 00007FF7227E6C11
                                                                                                                                                                                            • WaitForSingleObject.KERNEL32 ref: 00007FF7227E6C25
                                                                                                                                                                                            • GetExitCodeProcess.KERNELBASE ref: 00007FF7227E6C35
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process_invalid_parameter_noinfo$ByteCharCodeCommandConsoleCreateCtrlErrorExitHandlerInfoLastLineMultiObjectSingleStartupWaitWide
                                                                                                                                                                                            • String ID: CreateProcessW$Error creating child process!
                                                                                                                                                                                            • API String ID: 1742298069-3524285272
                                                                                                                                                                                            • Opcode ID: 34d3020eba07ba2d97dcf2fb01128670c0ea838258e1194f51c279e9e3a7fdcb
                                                                                                                                                                                            • Instruction ID: 6a37f931d41947cafd121950fc5ad508df4c3ff98359e50953a27767dc4dfe3f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 34d3020eba07ba2d97dcf2fb01128670c0ea838258e1194f51c279e9e3a7fdcb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E414032A0C68296E710EB60E8552AAF3A0FF99350F900535E78D03B95DFBCD555CF60

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: ebd7444367072219966275c470e2b77938e3cc8ba9916451fa94e3284f505fc6
                                                                                                                                                                                            • Instruction ID: 003f9eeb11036eeae74937af68e8cb91d0cd6ec91a6e6c0a0ce5e14bdccbdeb3
                                                                                                                                                                                            • Opcode Fuzzy Hash: ebd7444367072219966275c470e2b77938e3cc8ba9916451fa94e3284f505fc6
                                                                                                                                                                                            • Instruction Fuzzy Hash: F0C1D322A0C68752F660BB1598402BDBBA1FB8AB80FD50135DB5D07791CEBCE855CF70

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7227F778A
                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7227F7707,?,?,?,00007FF7227F136B), ref: 00007FF7227F7848
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7227F7707,?,?,?,00007FF7227F136B), ref: 00007FF7227F78D2
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2210144848-0
                                                                                                                                                                                            • Opcode ID: d06b69eb54db138b2fabc1b490ae97352d3858303d3e99d72cf8a1c469c90f76
                                                                                                                                                                                            • Instruction ID: 75f1611104f394da4cac92ab2df5fa9475cbc220f157158fa30ad8cfb6519c3e
                                                                                                                                                                                            • Opcode Fuzzy Hash: d06b69eb54db138b2fabc1b490ae97352d3858303d3e99d72cf8a1c469c90f76
                                                                                                                                                                                            • Instruction Fuzzy Hash: 46817722E1C65289FB10AB658C402F9A6A0FB4AB94FD44132DF0E53791DFB8E855CB30

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4144305933-0
                                                                                                                                                                                            • Opcode ID: 905a242882acf3dcbb492acab9fca3e2a56a9f2e6c63301775e57231c58ea269
                                                                                                                                                                                            • Instruction ID: cadc97f8d3e219a617785e736f7f7dd8ced2f26c0d7449cd467e0b6729033c15
                                                                                                                                                                                            • Opcode Fuzzy Hash: 905a242882acf3dcbb492acab9fca3e2a56a9f2e6c63301775e57231c58ea269
                                                                                                                                                                                            • Instruction Fuzzy Hash: 70312911E0C182A2FB55BB649C223B9A391EF4A384FC44035DB5D5B397DEBCE845CA70

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4170891091-0
                                                                                                                                                                                            • Opcode ID: 1e89f32c8738a6adba9b4243f60db3606398dcc5d4dd087393c0fa2c4f991abe
                                                                                                                                                                                            • Instruction ID: bb9020a497c3ff735848c2d2251da969da54ae0a0f82280948432db1e77cbeae
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1e89f32c8738a6adba9b4243f60db3606398dcc5d4dd087393c0fa2c4f991abe
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4151E472F0C2128AFB18EB689C415BCA762EF4A398F950135DF0E56BE5DA7CE505CA10

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2780335769-0
                                                                                                                                                                                            • Opcode ID: 6dc1fe3e67db78ba05ff380342028693a4fa93987a2dd2de1e1e4c9ede446661
                                                                                                                                                                                            • Instruction ID: b42bd3992d752bd3d3a83b7560a50cf8b030f9a8062643c44127bfd48bf6b934
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dc1fe3e67db78ba05ff380342028693a4fa93987a2dd2de1e1e4c9ede446661
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C515A22A0C6418AFB14EF749C403BDA3A2EB59B98F944134DE095B789DFB8D495CB60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2907017715-0
                                                                                                                                                                                            • Opcode ID: 2e9f51862bea0f784220eb21cb60309d8ddf4c05621d68dd0f99bab33618c716
                                                                                                                                                                                            • Instruction ID: 17d63531d7779000f9f5b33a86c265a83b04b75666635c40b36900e586798021
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e9f51862bea0f784220eb21cb60309d8ddf4c05621d68dd0f99bab33618c716
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6531D332D1C78196F610AF209900269B650FB9B7A4F504335EBAC03BE1DFBCE1A0CB61
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                            • Opcode ID: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                            • Instruction ID: bcc93b480b5f4dc1104e9f92c1f4308005c2b1a54f8dacbc0c3103113d47ca05
                                                                                                                                                                                            • Opcode Fuzzy Hash: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                            • Instruction Fuzzy Hash: C3E01220A0D70142F7247730ACA527952D1FF4D741F405538DA0A52356CDBDE858CB31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: try_get_function
                                                                                                                                                                                            • String ID: AppPolicyGetProcessTerminationMethod
                                                                                                                                                                                            • API String ID: 2742660187-2031265017
                                                                                                                                                                                            • Opcode ID: 7c477a6e0260293fc4875704b17d5099e40d7a8fa35e17519be663d6003857eb
                                                                                                                                                                                            • Instruction ID: 98874ad7442250d906f085012712d2040d1c20bf8b1d6318047a2fa4a50532c9
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7c477a6e0260293fc4875704b17d5099e40d7a8fa35e17519be663d6003857eb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 94E09251E0950691FA256B62AC511A0A151DF19770EC85731DA3C063D09DECDAA9CA60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 3a360d2ad2bb13cf9f8ab5b50ae1311b61a053adb877290eeecf37944b2da1b9
                                                                                                                                                                                            • Instruction ID: 476388455c3dff56e844f02562cd69d276119f03e351fd8a34980fe25ff264c8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a360d2ad2bb13cf9f8ab5b50ae1311b61a053adb877290eeecf37944b2da1b9
                                                                                                                                                                                            • Instruction Fuzzy Hash: F251D425B0D2C265F62AFE259C0067AA681FF4ABA4F844238DF6C167C5CEBCD401CE34
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7227F00ED), ref: 00007FF7227F020C
                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7227F00ED), ref: 00007FF7227F0220
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetFilePointerEx.KERNELBASE(?,?,?,00007FF7227F77DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7227F7707), ref: 00007FF7227F6B00
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7227F77DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7227F7707), ref: 00007FF7227F6B0A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7227F1E99), ref: 00007FF7227F203F
                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF7227F1E99), ref: 00007FF7227F2055
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DeleteErrorFileLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2018770650-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DirectoryErrorLastRemove
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 377330604-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,?,?,00007FF7227F5A57,?,?,00000000,00007FF7227F5AFF,?,?,?,?,?,?,00007FF7227EC892), ref: 00007FF7227F5B8A
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7227F5A57,?,?,00000000,00007FF7227F5AFF,?,?,?,?,?,?,00007FF7227EC892), ref: 00007FF7227F5B94
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiWide_findclose
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2772937645-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 6c725879a9bfdb12692b60cf48444af2d02fd5d902aee4b12f90eb5804108709
                                                                                                                                                                                            • Instruction ID: d81122978248da7711ca69035899761a4621efd4248ca6aa28b2cba0adee1560
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6c725879a9bfdb12692b60cf48444af2d02fd5d902aee4b12f90eb5804108709
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6141E761B0C28155FA55AD2A5D04279F285EF4AFE0F984134EF2D477D5CEBCE842CA31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 9b1145a7675111308d873b071ef6d0057c7233cdbb9b28257b39d6df29cdbb12
                                                                                                                                                                                            • Instruction ID: 1daf409f558a74e30379e4e1bcc020c0b99a108df5a28e56e260a4b8cec4edac
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b1145a7675111308d873b071ef6d0057c7233cdbb9b28257b39d6df29cdbb12
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A41E732A1D20187FA18EB18DA5027CB7A0FB4AB50F800135DFAD47790CFA9E462CB61
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 18b213fde59874ac87f85e5de4d39c2b719f2023920e8f19be70c6083ce6ebcb
                                                                                                                                                                                            • Instruction ID: 3af92a77a9bee0391dd1db6e360c6423c6e131de1d570ab94e63d53707e38692
                                                                                                                                                                                            • Opcode Fuzzy Hash: 18b213fde59874ac87f85e5de4d39c2b719f2023920e8f19be70c6083ce6ebcb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1931B522E1DA8681FA54AA25CD44378A790EF4AFD4F944132CB1D0B7D5DFBCE845CB60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                            • Opcode ID: 2b462a531ad0c7a4998b90e36bba901b936a93d642ac4dcc4b5fd49f203dc87c
                                                                                                                                                                                            • Instruction ID: d535aa050ff5b88f5eb75f871e42957def9e2e57421af21e8af5da3dd77e7bc1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b462a531ad0c7a4998b90e36bba901b936a93d642ac4dcc4b5fd49f203dc87c
                                                                                                                                                                                            • Instruction Fuzzy Hash: EE214F21B1C29266FA55BA1399043BAD655FB4ABD4FC84031DF4C07B86CEBCE415CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: aa9d58daa4fdca7623e2d05d1a30ecc85dcbd656578da667b3aeae77bf12bded
                                                                                                                                                                                            • Instruction ID: 1a8c9bc7bb7abdbc07ae9f6b70263acdc5564f07cb59d3a583afa6388d6d5bbe
                                                                                                                                                                                            • Opcode Fuzzy Hash: aa9d58daa4fdca7623e2d05d1a30ecc85dcbd656578da667b3aeae77bf12bded
                                                                                                                                                                                            • Instruction Fuzzy Hash: EC314B22A0C64296F6117B658C4127DA650EF9ABA1FD10235EB2D037E2CFFCE451CB31
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 1c1c2126216073ca25d245121089a136ff3a7aa371bcd7b64ec763e68947bfc6
                                                                                                                                                                                            • Instruction ID: f03dabe30a6fc2953d061d5e0ae8b254157dd85abcdc3fe138e5a87aa6ff5619
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c1c2126216073ca25d245121089a136ff3a7aa371bcd7b64ec763e68947bfc6
                                                                                                                                                                                            • Instruction Fuzzy Hash: F4218D62A0C68256F6017F219C41379A650EB89BB0F958635EE3D077E2CEBCE481CB65
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 4f8c837f573c96fa8c8593ba1b7d553f0e89515899b505bf482fc54d7a9b3302
                                                                                                                                                                                            • Instruction ID: c71d786f4c65a233e31c74ac1571b6c76a4ddb6e7a15b9a683712a45968683c7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f8c837f573c96fa8c8593ba1b7d553f0e89515899b505bf482fc54d7a9b3302
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5E218D22A1C28296F601BB269C413B9A650EB897A0FD50535EA1D473D2CEFCE841CF31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 6a0c664ea0f4c756350c608c231ff57430cf4264c82a4fdbd8aab7f477704700
                                                                                                                                                                                            • Instruction ID: b50e513076653c26c3700afa9ebfce544ad22b7ce52a0bebeb2f2623a6f7115d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a0c664ea0f4c756350c608c231ff57430cf4264c82a4fdbd8aab7f477704700
                                                                                                                                                                                            • Instruction Fuzzy Hash: B1115121A1D68181FA60BF519C00279E260FF9AB84F944431EB4C47B9ADFBCD400CF61
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: c350cc26a48ec555f8fe80a66dafdb4ca60a247c62ca8753b8880114feebe66c
                                                                                                                                                                                            • Instruction ID: fb2ccb7dbe9e9fb2ad908cfc1ca1a8399941ddc8f77487a98e0aa236805a4b81
                                                                                                                                                                                            • Opcode Fuzzy Hash: c350cc26a48ec555f8fe80a66dafdb4ca60a247c62ca8753b8880114feebe66c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0721B332A08A8187F760AF19DC40379B6A0EB94B90FA44234EA5D476DADF7CD920CF10
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3947729631-0
                                                                                                                                                                                            • Opcode ID: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
                                                                                                                                                                                            • Instruction ID: 698038ba411adcd62aefc8a68458d85f083cea961a6f6fe6b6846ae00e85dbee
                                                                                                                                                                                            • Opcode Fuzzy Hash: 43a0ca25b5b6844c1e1db732f007f001f54d2ff9bdd56d7814c1d6215129c12c
                                                                                                                                                                                            • Instruction Fuzzy Hash: D1214C32A0D7418AFB11AF64E8542BC76A4FB49708F84453AD70D12B85EFB8D595CBA0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 050f2a8f569f90b9d9de9d5361addb679e72bb7a6764323921c2888df917ddcb
                                                                                                                                                                                            • Instruction ID: 42ef296179ae64101c0c5ec5ecd370e137aadb83e1fc8ba615d9d90b90fc6e83
                                                                                                                                                                                            • Opcode Fuzzy Hash: 050f2a8f569f90b9d9de9d5361addb679e72bb7a6764323921c2888df917ddcb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2801E565A0D78140FA15AB629C00079E690FF8AFE0F888235DF6C17BE6CEBCD401CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: a10dc5ed40a66074362ded059a66a8b55aceffbd99f1a5ce205f2e6dd9ff1cb3
                                                                                                                                                                                            • Instruction ID: 3cd0c9abb9bb9745aa9d4e3aefadfaea4b49425036eed842419645ae19e42772
                                                                                                                                                                                            • Opcode Fuzzy Hash: a10dc5ed40a66074362ded059a66a8b55aceffbd99f1a5ce205f2e6dd9ff1cb3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 79118220A0D74281F964BB126D40179E290EF4ABE0F944235EF5C56BE6DEBCE851CE34
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 66a92c8017b1c3694242cf642bf5e48a42ebde1ff1b4540aa1cd3d890f4142b9
                                                                                                                                                                                            • Instruction ID: e8946879282d7d4a581d600b404038633e2ff6cdb2a46ec539157892b1e5e73e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 66a92c8017b1c3694242cf642bf5e48a42ebde1ff1b4540aa1cd3d890f4142b9
                                                                                                                                                                                            • Instruction Fuzzy Hash: A5115EA291C68296FA14AB50DC412ADB760EB89764FD04232DB4D067E5CFBCE415CF21
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: dd0b535c1d7f3645ba404b8c25837ebc6b1c27099b91f0e4448c8a83c69333b0
                                                                                                                                                                                            • Instruction ID: 9359b024614fdf2fbfc6612265c98196373eb816f12d811f090aeee9f58a6f63
                                                                                                                                                                                            • Opcode Fuzzy Hash: dd0b535c1d7f3645ba404b8c25837ebc6b1c27099b91f0e4448c8a83c69333b0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4901B125E0D64251FE25BA769D5227C9150DF8E764FA80730EB2E463D2CEBCE401CA70
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 3046e24bed232bedf9ab96f5d1dc5647e2b8c2cb7c1726276d598b4946c118ea
                                                                                                                                                                                            • Instruction ID: dc4066104c2fe093584eff829fa8435f1302cabd44d888a22e4fbb678300455f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3046e24bed232bedf9ab96f5d1dc5647e2b8c2cb7c1726276d598b4946c118ea
                                                                                                                                                                                            • Instruction Fuzzy Hash: 52017972A04B4698FB10EFA0D8404EC77B8FB69348B810125EB4C13758EF74D1A4C7A0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: d27ab3f074c20aa396e25fcbfc74d5af21bb4413395d19741f8897ba95156ec4
                                                                                                                                                                                            • Instruction ID: d4cf92f00e4752660016598f78c462e0fed77c43b56d191969a4b3d182589836
                                                                                                                                                                                            • Opcode Fuzzy Hash: d27ab3f074c20aa396e25fcbfc74d5af21bb4413395d19741f8897ba95156ec4
                                                                                                                                                                                            • Instruction Fuzzy Hash: CDF0CD21A0DAC251FA11BA66AC0107DE150EF8BBE0F981130EB1947BA6CEBCD8518B30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 543a764d24b90672a05431dc1a130dac9a0496b5ba23ca517f68794dfbf99782
                                                                                                                                                                                            • Instruction ID: f4cb4d7c3491204fe9cc638625572b380ec41a9e667c4f53a3a732ae20771a3d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 543a764d24b90672a05431dc1a130dac9a0496b5ba23ca517f68794dfbf99782
                                                                                                                                                                                            • Instruction Fuzzy Hash: EAF0B42090D68655F916B779AD1217DA140DF8E390F980130EB2D8A7C2CEBCE441DF31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: dccd32863e6f506b4f301f1450c7bfa29d8f33399d9aa950cae963106b31457f
                                                                                                                                                                                            • Instruction ID: 71073b9720eb67000bae251df466d0423d80de88bc623ce88e265a4568ccdd35
                                                                                                                                                                                            • Opcode Fuzzy Hash: dccd32863e6f506b4f301f1450c7bfa29d8f33399d9aa950cae963106b31457f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 08E06520E5E68250F915BB76AC11179A151DF8A7F0F941730EB7D0ABC2DEBCD050CB24
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalDeleteSection
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 166494926-0
                                                                                                                                                                                            • Opcode ID: 8d0dae8a45092f006951544f9f9d69e80f6c2e4684f50a6404461fbdd949d340
                                                                                                                                                                                            • Instruction ID: a0a877456a5d84f112bd8cb6ec68d5fe5a4a03407c1359647d245698a0cf2dd6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8d0dae8a45092f006951544f9f9d69e80f6c2e4684f50a6404461fbdd949d340
                                                                                                                                                                                            • Instruction Fuzzy Hash: 76F0C065E0CA4687FF14BB66EC95378A2D0DF9D754F801231CB5D463628EACE8A4CA31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 6984acfd79743b9bc40b8bfb81ba82963a1efe41c6f03bb84f2c3655ac542c53
                                                                                                                                                                                            • Instruction ID: b62960f243ddfbec6479f2163fa25a6e70ac748129b8a0d6d25623bb90c4692b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6984acfd79743b9bc40b8bfb81ba82963a1efe41c6f03bb84f2c3655ac542c53
                                                                                                                                                                                            • Instruction Fuzzy Hash: 23E0B655E5D64786FB247AB25D821799160CF5E380F944034DF48063E2DEACE845DE71
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                            • Opcode ID: acdbf11aae047a79c9ec42cda96ce7ee898aca8c8a575da0409811d9637c2f0e
                                                                                                                                                                                            • Instruction ID: a365c40f4ceca895c628801ad4a4f32c676195ffda330092e908565ba4645b4c
                                                                                                                                                                                            • Opcode Fuzzy Hash: acdbf11aae047a79c9ec42cda96ce7ee898aca8c8a575da0409811d9637c2f0e
                                                                                                                                                                                            • Instruction Fuzzy Hash: CCD0A740E2D68342FA28B3F39C800308181DFAAB40F880030C90D402519E9CE4A5CB34
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF7227F2BB8: DeleteFileW.KERNELBASE ref: 00007FF7227F2BBC
                                                                                                                                                                                              • Part of subcall function 00007FF7227F2BB8: GetLastError.KERNEL32 ref: 00007FF7227F2BC6
                                                                                                                                                                                            • Sleep.KERNEL32(0000000100000000,00007FF7227E690E,00000000,00007FF7227E38F7), ref: 00007FF7227E6F6A
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DeleteErrorFileLastSleep
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3792865491-0
                                                                                                                                                                                            • Opcode ID: 22fbbc665f8beedd618d4c615c2cafdb76cce68371e549ef1a4929170aa5c884
                                                                                                                                                                                            • Instruction ID: 58037706c4c20ccf9f148b90cae9e9441c4200a8275670bd72060009cd45c5e6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 22fbbc665f8beedd618d4c615c2cafdb76cce68371e549ef1a4929170aa5c884
                                                                                                                                                                                            • Instruction Fuzzy Hash: 44415512D1C7C591F651AB24D9012FCA360FBAA744F85A231EB8D12297EF78E6D8C720
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF7227F86BD,?,?,00000000,00007FF7227EFC79,?,?,?,?,00007FF7227F59F1), ref: 00007FF7227F95A5
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                            • Opcode ID: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
                                                                                                                                                                                            • Instruction ID: 14ff5c389a31ad85522619906727b8601c6480de666c87d6f0422ef499650d02
                                                                                                                                                                                            • Opcode Fuzzy Hash: afbdb11ed1b08d377bc5fadb4004119812ee57a7d3acb3d5a3c71706b847d8e8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7CF04954F0E22781FE647A665C112B5D290EF9EB80F8C0030DE0E873D1EEACE480CA30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                            • Opcode ID: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                            • Instruction ID: 7b79bc58de0c42051d22d3532b02b4336716c264d733af673db7a6d8d66a2d35
                                                                                                                                                                                            • Opcode Fuzzy Hash: da64b355eaac81519204d4bb0c2681d204a24ced9ca617c428c4ac08c8bc7bff
                                                                                                                                                                                            • Instruction Fuzzy Hash: 50F0F812B0E64645FA6476635D812B59280DF8EBA0FC80634EE2E863D2DEFCE451CA31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressProc
                                                                                                                                                                                            • String ID: Failed to get address for PyDict_GetItemString$Failed to get address for PyErr_Clear$Failed to get address for PyErr_Fetch$Failed to get address for PyErr_NormalizeException$Failed to get address for PyErr_Occurred$Failed to get address for PyErr_Print$Failed to get address for PyErr_Restore$Failed to get address for PyEval_EvalCode$Failed to get address for PyImport_AddModule$Failed to get address for PyImport_ExecCodeModule$Failed to get address for PyImport_ImportModule$Failed to get address for PyList_Append$Failed to get address for PyList_New$Failed to get address for PyLong_AsLong$Failed to get address for PyMarshal_ReadObjectFromString$Failed to get address for PyMem_RawFree$Failed to get address for PyModule_GetDict$Failed to get address for PyObject_CallFunction$Failed to get address for PyObject_CallFunctionObjArgs$Failed to get address for PyObject_GetAttrString$Failed to get address for PyObject_SetAttrString$Failed to get address for PyObject_Str$Failed to get address for PyRun_SimpleStringFlags$Failed to get address for PySys_AddWarnOption$Failed to get address for PySys_GetObject$Failed to get address for PySys_SetArgvEx$Failed to get address for PySys_SetObject$Failed to get address for PySys_SetPath$Failed to get address for PyUnicode_AsUTF8$Failed to get address for PyUnicode_Decode$Failed to get address for PyUnicode_DecodeFSDefault$Failed to get address for PyUnicode_FromFormat$Failed to get address for PyUnicode_FromString$Failed to get address for PyUnicode_Join$Failed to get address for PyUnicode_Replace$Failed to get address for Py_BuildValue$Failed to get address for Py_DecRef$Failed to get address for Py_DecodeLocale$Failed to get address for Py_DontWriteBytecodeFlag$Failed to get address for Py_FileSystemDefaultEncoding$Failed to get address for Py_Finalize$Failed to get address for Py_FrozenFlag$Failed to get address for Py_GetPath$Failed to get address for Py_IgnoreEnvironmentFlag$Failed to get address for Py_IncRef$Failed to get address for Py_Initialize$Failed to get address for Py_NoSiteFlag$Failed to get address for Py_NoUserSiteDirectory$Failed to get address for Py_OptimizeFlag$Failed to get address for Py_SetPath$Failed to get address for Py_SetProgramName$Failed to get address for Py_SetPythonHome$Failed to get address for Py_UnbufferedStdioFlag$Failed to get address for Py_VerboseFlag$GetProcAddress$PyDict_GetItemString$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyList_Append$PyList_New$PyLong_AsLong$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyRun_SimpleStringFlags$PySys_AddWarnOption$PySys_GetObject$PySys_SetArgvEx$PySys_SetObject$PySys_SetPath$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_BuildValue$Py_DecRef$Py_DecodeLocale$Py_DontWriteBytecodeFlag$Py_FileSystemDefaultEncoding$Py_Finalize$Py_FrozenFlag$Py_GetPath$Py_IgnoreEnvironmentFlag$Py_IncRef$Py_Initialize$Py_NoSiteFlag$Py_NoUserSiteDirectory$Py_OptimizeFlag$Py_SetPath$Py_SetProgramName$Py_SetPythonHome$Py_UnbufferedStdioFlag$Py_VerboseFlag
                                                                                                                                                                                            • API String ID: 190572456-139387903
                                                                                                                                                                                            • Opcode ID: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
                                                                                                                                                                                            • Instruction ID: 729cae17189dce2d9e5fc998c67c9860fab262b28db1bda8671e0d0c9b90cbf0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 25571350705606e69c6884172ef84a6fbccfbccdf8a43baf74e4d03ce1e63489
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1F324B64A4EB6390FA55BB04AC64178A3E1FF0A740BD45435C90E063A4EFFDF668CA71
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                            • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                            • API String ID: 2446303242-1601438679
                                                                                                                                                                                            • Opcode ID: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                            • Instruction ID: 02a36544919f48485a163d82119bbf21b69113fa7be908b4c44e5fed08b646e0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 32A15A36208B8197E7149F21E85479AB7B0F789B90F904129DB8D03B24CFBDE265CF60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                            • API String ID: 808467561-2761157908
                                                                                                                                                                                            • Opcode ID: 22e86934e9aa7124c19ddb337e70a2f8114e375dd55049989a6c0d29b15b255f
                                                                                                                                                                                            • Instruction ID: 40451ebe558cbda6f9d1bff925735d083572ee835b0f082986fde8d8381cd238
                                                                                                                                                                                            • Opcode Fuzzy Hash: 22e86934e9aa7124c19ddb337e70a2f8114e375dd55049989a6c0d29b15b255f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 87B2B172A1C2928BF7649E68D8407F9B6A1FB49348F905135DB0D57B84DFB8EA00CF51
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00007FF7227E2690), ref: 00007FF7227E6FC7
                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000000,00007FF7227E2690), ref: 00007FF7227E6FF6
                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 00007FF7227E704C
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7227E7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7227E101D), ref: 00007FF7227E2644
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: MessageBoxW.USER32 ref: 00007FF7227E271C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
• Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                            • API String ID: 2920928814-2573406579
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                            • API String ID: 0-2665694366
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastWrite$ConsoleOutput
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1443284424-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: $header crc mismatch$unknown compression method$unknown header flags set
                                                                                                                                                                                            • API String ID: 0-4074041902
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memcpy_s
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1502251526-0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: invalid distance code$invalid distance too far back$invalid literal/length code
                                                                                                                                                                                            • API String ID: 0-3255898291
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: incorrect header check$invalid window size$unknown compression method
                                                                                                                                                                                            • API String ID: 0-1186847913
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: $ $invalid block type
                                                                                                                                                                                            • API String ID: 0-2056396358
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: gfffffff
                                                                                                                                                                                            • API String ID: 3215553584-1523873471
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7227F9236
                                                                                                                                                                                              • Part of subcall function 00007FF7227F5984: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7227F5961), ref: 00007FF7227F598D
                                                                                                                                                                                              • Part of subcall function 00007FF7227F5984: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7227F5961), ref: 00007FF7227F59B2
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentFeaturePresentProcessProcessor_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: -
                                                                                                                                                                                            • API String ID: 4036615347-2547889144
                                                                                                                                                                                            • Opcode ID: 9a225e88cd471c9f0d28c8492e0b3f4a847acdc232b1f098b5a0036e8607a1c4
                                                                                                                                                                                            • Instruction ID: a0816a507dfab4b2b1d6634113f7df2e7b0b75ead07afc4251c59738e5e3a981
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a225e88cd471c9f0d28c8492e0b3f4a847acdc232b1f098b5a0036e8607a1c4
                                                                                                                                                                                            • Instruction Fuzzy Hash: F291E172A0C78586FB74EB25994076AF691FB9AB90F844235EB9D43BD8DB7CD400CB10
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 15204871-0
                                                                                                                                                                                            • Opcode ID: cc44eefe37f4df5582d82a49112138722456b84e82797c40e34ba7e475433f75
                                                                                                                                                                                            • Instruction ID: 3ae386d6d4e686fa31b93319eae89a715eaa44d4fdd101ca3c1d570b404ea70e
                                                                                                                                                                                            • Opcode Fuzzy Hash: cc44eefe37f4df5582d82a49112138722456b84e82797c40e34ba7e475433f75
                                                                                                                                                                                            • Instruction Fuzzy Hash: C5B17D73604B858BEB15CF29CC8636877E0F744B88F548921DB5D87BA4CB79E561CB10
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 474895018-0
                                                                                                                                                                                            • Opcode ID: 46d0a04ab260b9a3a97bb36ab95096af4939c4d58eb1b6c462ed920786b6fec8
                                                                                                                                                                                            • Instruction ID: 3b830bf5bd3ed577e23617733a49ac077afd5e00a6a8e5b7f02da469b3987a32
                                                                                                                                                                                            • Opcode Fuzzy Hash: 46d0a04ab260b9a3a97bb36ab95096af4939c4d58eb1b6c462ed920786b6fec8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 02710522F0C2824AF7246A6A9C5077DE2C1EF41364F940635DA1D877D1EEFDEA64CE20
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                            • API String ID: 3215553584-4108050209
                                                                                                                                                                                            • Opcode ID: a375ce7d8ac190a774d9db1b0bbd49aa5845f631dc9fe3244db92a46c16961f0
                                                                                                                                                                                            • Instruction ID: 346660f1def06c0f272abca01bf6a6dd051c08a3889050d0c14fa1995d749c0b
                                                                                                                                                                                            • Opcode Fuzzy Hash: a375ce7d8ac190a774d9db1b0bbd49aa5845f631dc9fe3244db92a46c16961f0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C71F621E1C28263F6A4BA194840279A2D1EF5A764FC45835DF8D03799CEBDE843CB36
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: TMP
                                                                                                                                                                                            • API String ID: 3215553584-3125297090
                                                                                                                                                                                            • Opcode ID: 3b1ba1ce5e3b2c6f66ac9f70cf6e612166d0468608cda64eecc37bb511bad6fb
                                                                                                                                                                                            • Instruction ID: bb15a20003fcccbfd601484de1059e167f892ec1062475da20739503a95bf846
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b1ba1ce5e3b2c6f66ac9f70cf6e612166d0468608cda64eecc37bb511bad6fb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2161CF12B0D64241FA68BA239D1517AD291EF6EBD4FC88036DF0D47795EEFCE442CA60
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: 0
                                                                                                                                                                                            • API String ID: 3215553584-4108050209
                                                                                                                                                                                            • Opcode ID: b79696a407a2e1f99417375bab57c27b4c70aed7112a41bb3197fc5d58abf242
                                                                                                                                                                                            • Instruction ID: 5db57402d2a840ca88353b18ee7cca1cfd65220924f1bcf942af65d45c9e3321
                                                                                                                                                                                            • Opcode Fuzzy Hash: b79696a407a2e1f99417375bab57c27b4c70aed7112a41bb3197fc5d58abf242
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D61D251A0C2C367FB646A2958002BAA791DF4B764FD41931DB880779ACEB9E846CF31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                            • Opcode ID: 8801fbc29237cde97098c2992bb5712ac8fa4bdca70bfcd9b7dcc25e25bd9bb3
                                                                                                                                                                                            • Instruction ID: 73bb85ace29201e1b71b1b5fc510572974f6869c3814fab6807e654b31d443f9
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8801fbc29237cde97098c2992bb5712ac8fa4bdca70bfcd9b7dcc25e25bd9bb3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8CB09220E1BA42C2FA093B126C8221462E5FF88700FC80138C40D40320DF6CA5B5DB30
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FreeHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3298025750-0
                                                                                                                                                                                            • Opcode ID: 8958e6767b35e025a777fc64e267e5a93d0e49a495af46bf7bc8d34417ddc14c
                                                                                                                                                                                            • Instruction ID: 4d36c60783560351c4697140c165f0a549bb3522dc2b0372774bfdc5c9f5ac44
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8958e6767b35e025a777fc64e267e5a93d0e49a495af46bf7bc8d34417ddc14c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0941CF22718A5582FB04DE2ADD251A9A3A1F749FE4B89A036EF4D87B98DE7CC1418710
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                            • String ID: Failed to get address for Tcl_Alloc$Failed to get address for Tcl_ConditionFinalize$Failed to get address for Tcl_ConditionNotify$Failed to get address for Tcl_ConditionWait$Failed to get address for Tcl_CreateInterp$Failed to get address for Tcl_CreateObjCommand$Failed to get address for Tcl_CreateThread$Failed to get address for Tcl_DeleteInterp$Failed to get address for Tcl_DoOneEvent$Failed to get address for Tcl_EvalEx$Failed to get address for Tcl_EvalFile$Failed to get address for Tcl_EvalObjv$Failed to get address for Tcl_Finalize$Failed to get address for Tcl_FinalizeThread$Failed to get address for Tcl_FindExecutable$Failed to get address for Tcl_Free$Failed to get address for Tcl_GetCurrentThread$Failed to get address for Tcl_GetObjResult$Failed to get address for Tcl_GetString$Failed to get address for Tcl_GetVar2$Failed to get address for Tcl_Init$Failed to get address for Tcl_MutexLock$Failed to get address for Tcl_MutexUnlock$Failed to get address for Tcl_NewByteArrayObj$Failed to get address for Tcl_NewStringObj$Failed to get address for Tcl_SetVar2$Failed to get address for Tcl_SetVar2Ex$Failed to get address for Tcl_ThreadAlert$Failed to get address for Tcl_ThreadQueueEvent$Failed to get address for Tk_GetNumMainWindows$Failed to get address for Tk_Init$GetProcAddress$LOADER: Failed to load tcl/tk libraries$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                            • API String ID: 2238633743-1453502826
                                                                                                                                                                                            • Opcode ID: e95c3f220ff907c97ac3a5505cef918bda10cea1a09b7661ea358f21aa108c0d
                                                                                                                                                                                            • Instruction ID: e80f3b9b7868c78a02e756e8a5ffee47609932fa07b6a0f1fbb41d46af86a9f2
                                                                                                                                                                                            • Opcode Fuzzy Hash: e95c3f220ff907c97ac3a5505cef918bda10cea1a09b7661ea358f21aa108c0d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1DE1B864A0DB47A1FA55EB04ACA41B8A7E5FF0A740FC45135C90E063A4EFFCE664CA70
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                            • Opcode ID: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
                                                                                                                                                                                            • Instruction ID: ab272fabb606dd062f3427e3a98c3776dab3e4e9519e6bd6d075b493244b62ee
                                                                                                                                                                                            • Opcode Fuzzy Hash: aae4e62fcfd093211e570d6b90d2c8fdd41e88a62d8dc34d7df732e47f0cc643
                                                                                                                                                                                            • Instruction Fuzzy Hash: 775109226187A186E6349F26B8181BAF7E1FB98B61F404125EFCE43784DFBCD155DB20
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                            • Opcode ID: bd339dc8f767bff6b43a78b2ad46d75eca9c7daa557e043cb5522f0ea389186c
                                                                                                                                                                                            • Instruction ID: a8a9e158ff59c73898f90c529b71805a751cf36007d3724edb2d6840ae5efd06
                                                                                                                                                                                            • Opcode Fuzzy Hash: bd339dc8f767bff6b43a78b2ad46d75eca9c7daa557e043cb5522f0ea389186c
                                                                                                                                                                                            • Instruction Fuzzy Hash: A1417F21A0C68291FE25EB15AC016B9E391FF4A794FC44432DB4D47B65EEBCE941CB30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7227E101D), ref: 00007FF7227E718F
                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7227E101D), ref: 00007FF7227E71DF
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                            • API String ID: 626452242-27947307
                                                                                                                                                                                            • Opcode ID: fa9d1244c0df4a3da197d46f43a843eb0ca5152a567223857be27928dd5f749e
                                                                                                                                                                                            • Instruction ID: 6e5a6964074bd3a7b99ed3c1e85ce11b8f8f2986d5bf80d9675462fbc7094901
                                                                                                                                                                                            • Opcode Fuzzy Hash: fa9d1244c0df4a3da197d46f43a843eb0ca5152a567223857be27928dd5f749e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7741803260CBC292FA20AF55BC401AAE7A4FB89790F944135EB8D47B94DFBCD455CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7227E353B), ref: 00007FF7227E75E1
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7227E7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7227E101D), ref: 00007FF7227E2644
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: MessageBoxW.USER32 ref: 00007FF7227E271C
                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32(?,00007FF7227E353B), ref: 00007FF7227E7655
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$Failed to get UTF-8 buffer size.$Out of memory.$WideCharToMultiByte$win32_utils_to_utf8
                                                                                                                                                                                            • API String ID: 3723044601-27947307
                                                                                                                                                                                            • Opcode ID: 415e80d084b85328e4a76e8d77a212f49e392635e65cd740730017958ab796a4
                                                                                                                                                                                            • Instruction ID: e85a13579786908a38d6372cd9165186c7f2d7f17afc92f495710f3434188976
                                                                                                                                                                                            • Opcode Fuzzy Hash: 415e80d084b85328e4a76e8d77a212f49e392635e65cd740730017958ab796a4
                                                                                                                                                                                            • Instruction Fuzzy Hash: E121A060B0CB82A5FB10AF19AC400A9B3A1EB89BC4B944535CB4D477A4EFFCE551CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiWide
                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                            • API String ID: 626452242-876015163
                                                                                                                                                                                            • Opcode ID: 95bd3e9a621ad32515735ffacbcf5a840b08ab00d44de53fcbd46df741fe2f28
                                                                                                                                                                                            • Instruction ID: 8c316d95938450e1c80916d0358b65b80f6652332d159cb139d30681ec66307f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 95bd3e9a621ad32515735ffacbcf5a840b08ab00d44de53fcbd46df741fe2f28
                                                                                                                                                                                            • Instruction Fuzzy Hash: 43418F32A0DA8392F610EF15AC411BAA7A5FB49790F944135DF8D47BA4DF7CD415CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF7227E7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7227E74CA
                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7227E631F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7227E602F
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2760: MessageBoxW.USER32 ref: 00007FF7227E2831
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7227E6043
                                                                                                                                                                                            • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7227E608A
                                                                                                                                                                                            • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7227E6006
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                            • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                            • API String ID: 1662231829-3498232454
                                                                                                                                                                                            • Opcode ID: a4ffd2c6e21663c494c1ccd148bacda67934ce9c792482064e62d0577ff9622d
                                                                                                                                                                                            • Instruction ID: f04266c33264404c53ae643d05533ccab87f53c35b0beec51ab34061a22fe5d9
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4ffd2c6e21663c494c1ccd148bacda67934ce9c792482064e62d0577ff9622d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 13315051B1D6C2A1FA61B725ED152BA9291EF9E780FC44035DB4E42796EEBCE204CA30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7227EC6D2,?,?,?,00007FF7227EC3CC,?,?,?,?,00007FF7227EC0ED), ref: 00007FF7227EC4A5
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7227EC6D2,?,?,?,00007FF7227EC3CC,?,?,?,?,00007FF7227EC0ED), ref: 00007FF7227EC4B3
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF7227EC6D2,?,?,?,00007FF7227EC3CC,?,?,?,?,00007FF7227EC0ED), ref: 00007FF7227EC4DD
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF7227EC6D2,?,?,?,00007FF7227EC3CC,?,?,?,?,00007FF7227EC0ED), ref: 00007FF7227EC523
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF7227EC6D2,?,?,?,00007FF7227EC3CC,?,?,?,?,00007FF7227EC0ED), ref: 00007FF7227EC52F
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                            • Opcode ID: 1c453ae4bf38a437f7b70d8e644795e8176eb85b810932e67f5fd4f40fb0e1dd
                                                                                                                                                                                            • Instruction ID: 8adcdbc28e50459a57aa2fb23ff7c620cff26b7df8b7c0b15bd2d1f11add3605
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c453ae4bf38a437f7b70d8e644795e8176eb85b810932e67f5fd4f40fb0e1dd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8431B62561E692A5FE12BB06AC00575A2D4FF0EBA4F990539EE1D4B340EE7CE440CB30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7227E74CA
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7227E7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7227E101D), ref: 00007FF7227E2644
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: MessageBoxW.USER32 ref: 00007FF7227E271C
                                                                                                                                                                                            • MultiByteToWideChar.KERNEL32 ref: 00007FF7227E7550
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiWide$ErrorLastMessage
                                                                                                                                                                                            • String ID: Failed to decode wchar_t from UTF-8$Failed to get wchar_t buffer size.$MultiByteToWideChar$Out of memory.$win32_utils_from_utf8
                                                                                                                                                                                            • API String ID: 3723044601-876015163
                                                                                                                                                                                            • Opcode ID: a6f1c9715947d873718802f76a212db1658c74b085baec75c1e349c2d31a076f
                                                                                                                                                                                            • Instruction ID: 9dd826047019ef813e6573c82d623208d8468e071468851b491c6a2dd2dfa094
                                                                                                                                                                                            • Opcode Fuzzy Hash: a6f1c9715947d873718802f76a212db1658c74b085baec75c1e349c2d31a076f
                                                                                                                                                                                            • Instruction Fuzzy Hash: D9215521B0CA8291FB50EB19FC400A9E3A1FB997C4B944535DB5C43B69EFBCD551CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                            • Opcode ID: bcad4bfd22897d90546c83000e2a55e68d64a70218818eb37a662133ca5c2491
                                                                                                                                                                                            • Instruction ID: e5121c861dda57810f6fdb3cdae306c33a73304fe9546a0b0140cc9be6dab65e
                                                                                                                                                                                            • Opcode Fuzzy Hash: bcad4bfd22897d90546c83000e2a55e68d64a70218818eb37a662133ca5c2491
                                                                                                                                                                                            • Instruction Fuzzy Hash: DA117F31B18A4186F350AB52EC54329E2E0FB88BE4F844234DA1D877A4DFBCD964CB60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                            • String ID: Unhandled exception in script
                                                                                                                                                                                            • API String ID: 3081866767-2699770090
                                                                                                                                                                                            • Opcode ID: 2617642130cb3c2885c8050bcfcfe7c95971074e5b05e943a74e7e47920840ec
                                                                                                                                                                                            • Instruction ID: 51884770ab5221fcf7c4ba6c7dd51a94ba93a1bc486cc1e2de5365f852946e61
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2617642130cb3c2885c8050bcfcfe7c95971074e5b05e943a74e7e47920840ec
                                                                                                                                                                                            • Instruction Fuzzy Hash: AB311D72A0DA8295FB20EB21EC551F9A3A0FF8A794F840135EA4E47B55DFBCD145CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7227E7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7227E101D), ref: 00007FF7227E2644
                                                                                                                                                                                              • Part of subcall function 00007FF7227E6FA0: GetLastError.KERNEL32(00000000,00007FF7227E2690), ref: 00007FF7227E6FC7
                                                                                                                                                                                              • Part of subcall function 00007FF7227E6FA0: FormatMessageW.KERNEL32(00000000,00007FF7227E2690), ref: 00007FF7227E6FF6
                                                                                                                                                                                              • Part of subcall function 00007FF7227E7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7227E74CA
                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF7227E271C
                                                                                                                                                                                            • MessageBoxA.USER32 ref: 00007FF7227E2738
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$ErrorLast$ByteCharFormatMultiWide
                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                            • API String ID: 2806210788-2410924014
                                                                                                                                                                                            • Opcode ID: 400fce4ea561395ecb7c9931c898940bca1409bd045f3b8d566701ceccfa415d
                                                                                                                                                                                            • Instruction ID: ec34da5f10f6a451f179ffa593348d4d331995f89567ae436dee510db1ad259a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 400fce4ea561395ecb7c9931c898940bca1409bd045f3b8d566701ceccfa415d
                                                                                                                                                                                            • Instruction Fuzzy Hash: D531447262C6C291FB20AB10E8516EAA394FB89784F805036E78D06B99DF7CD755CF60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: 5a160c9bdce1f9d43ea406b437463d4fa60eb1ab7842eb725466103b76bc2848
                                                                                                                                                                                            • Instruction ID: 8bbb63d341384cd7b7d63d93b5626af27655430b138f70a521e6df894611d23f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a160c9bdce1f9d43ea406b437463d4fa60eb1ab7842eb725466103b76bc2848
                                                                                                                                                                                            • Instruction Fuzzy Hash: 38F03061B1D64282FB58AF50EC54378A3A0FF49B41FC41035D65F46660CEBCD658CB30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.1869959726.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870028267.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870055555.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000000.00000002.1870182428.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                            • API String ID: 1878133881-2410924014
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF7227E353B), ref: 00007FF7227E3A71
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7227E7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7227E101D), ref: 00007FF7227E2644
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: MessageBoxW.USER32 ref: 00007FF7227E271C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastMessageModuleName
                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to get executable path.$GetModuleFileNameW
                                                                                                                                                                                            • API String ID: 2581892565-1977442011
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 72036449-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-3916222277
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: e+000$gfff
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: mbstowcs
                                                                                                                                                                                            • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFreeHeapModuleName_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\file.exe
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                            • String ID: Fatal error detected
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.1869986687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                            • String ID: Error detected
                                                                                                                                                                                            • API String ID: 1878133881-3513342764
                                                                                                                                                                                            • Opcode ID: 5ed7caf57bd188301ead484277fc77409bb9e70f87c7d7e6d20278c1c0f354ae
                                                                                                                                                                                            • Instruction ID: 64f8190a9ae6f4267585b276c42d3bd2336ba2d798cbfaf140a0ff62e4dbb388
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5ed7caf57bd188301ead484277fc77409bb9e70f87c7d7e6d20278c1c0f354ae
                                                                                                                                                                                            • Instruction Fuzzy Hash: D421837262C68291FB20AB10F8517EAA394FB99784FC05035EB8D47A95DF7CD214CB70
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CompareStringtry_get_function
                                                                                                                                                                                            • String ID: CompareStringEx
                                                                                                                                                                                            • API String ID: 3328479835-2590796910
                                                                                                                                                                                            • Opcode ID: 29c81749be49492956bf448d50416fb18953341cf3f470c3aeb53833f47193c7
                                                                                                                                                                                            • Instruction ID: 5e24c4f97ab767645ed5af644b5478d432d84355d13a0dfbbb08f7b3e45ef7c2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 29c81749be49492956bf448d50416fb18953341cf3f470c3aeb53833f47193c7
                                                                                                                                                                                            • Instruction Fuzzy Hash: C8111832A0CB8186E7609B15F8402AAB7A1FB89BD0F544136EF8D43B59CE7CD564CB50
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Stringtry_get_function
                                                                                                                                                                                            • String ID: LCMapStringEx
                                                                                                                                                                                            • API String ID: 2588686239-3893581201
                                                                                                                                                                                            • Opcode ID: 938b4cabf045120e554f7056953f86ac9635c27825e0d85b6221573e9749b67b
                                                                                                                                                                                            • Instruction ID: 74a6ab99eb09c94a24040679b9db663eef91c640809c068cc191e4b1b81e8f63
                                                                                                                                                                                            • Opcode Fuzzy Hash: 938b4cabf045120e554f7056953f86ac9635c27825e0d85b6221573e9749b67b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B111532A0CB8186E7609B16F8402AAB7A1FB89B90F544136EB8D83B59CE7CD554CB50
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                            • API String ID: 3215553584-336475711
                                                                                                                                                                                            • Opcode ID: ac9e6cf1ee5af4ee396f22b42a5cc566f50753507a16ff94a4f2570f0bd7836c
                                                                                                                                                                                            • Instruction ID: b86fb9911c3abeb93e6fd015354a5b813a5eadf87d57a22cb2d064f59bd8a9fc
                                                                                                                                                                                            • Opcode Fuzzy Hash: ac9e6cf1ee5af4ee396f22b42a5cc566f50753507a16ff94a4f2570f0bd7836c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3E01A26290C20285FB21BB609C5217EA3A0FF4D754FD01035DA4D467A1DFBCE505CE74
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • try_get_function.LIBVCRUNTIME ref: 00007FF7227F9A65
                                                                                                                                                                                            • InitializeCriticalSectionAndSpinCount.KERNEL32(?,?,-00000018,00007FF7227F5D0E,?,?,?,00007FF7227F5C06,?,?,?,00007FF7227F0C32,?,?,00000000,00007FF7227E3BA9), ref: 00007FF7227F9A7F
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CountCriticalInitializeSectionSpintry_get_function
                                                                                                                                                                                            • String ID: InitializeCriticalSectionEx
                                                                                                                                                                                            • API String ID: 539475747-3084827643
                                                                                                                                                                                            • Opcode ID: ea2b473bdb4af6d4d3061d9ce177a635df04aaff899401cb1b17dfcad325bad1
                                                                                                                                                                                            • Instruction ID: 0f3b594997b13527e052a015ca00a0f6e59c8afa60610a120d694f16cb84c0f3
                                                                                                                                                                                            • Opcode Fuzzy Hash: ea2b473bdb4af6d4d3061d9ce177a635df04aaff899401cb1b17dfcad325bad1
                                                                                                                                                                                            • Instruction Fuzzy Hash: E2F03A22A1C75182F624AB51EC400A9A2A1FF48B90FC85035EA1D03B54CEBCEA69CB60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • try_get_function.LIBVCRUNTIME ref: 00007FF7227F9A09
                                                                                                                                                                                            • TlsSetValue.KERNEL32(?,?,00000000,00007FF7227F86AA,?,?,00000000,00007FF7227EFC79,?,?,?,?,00007FF7227F59F1), ref: 00007FF7227F9A20
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Valuetry_get_function
                                                                                                                                                                                            • String ID: FlsSetValue
                                                                                                                                                                                            • API String ID: 738293619-3750699315
                                                                                                                                                                                            • Opcode ID: df5f7d63849f41ae9f7569e8dc870c87d44edfa89a3ce8aff31ae8955888d4c4
                                                                                                                                                                                            • Instruction ID: ac6eaf46975e068b1ed5ccea17c3b7ee52f6f44466b7cbbccaeca4c2c1789378
                                                                                                                                                                                            • Opcode Fuzzy Hash: df5f7d63849f41ae9f7569e8dc870c87d44edfa89a3ce8aff31ae8955888d4c4
                                                                                                                                                                                            • Instruction Fuzzy Hash: C2E03062E1C60282FA186B55EC000B4A2A2EF48780FC84032D61D06394CEBCE6A4CB30

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:1.9%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:0.4%
                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                            Total number of Limit Nodes:32
70a1c129 fprintf fprintf fputc fclose 69770->69899 69795 70a1ad9d fputc 69771->69795 69772->69899 69773 70a1b627 _errno 69785 70a1b631 _errno strerror fprintf 69773->69785 69786 70a1b64c fprintf fprintf fputc fclose 69773->69786 69798 70a1aa6b fputc 69774->69798 69775->69732 69776 70a1c855 _errno 69788 70a1c877 fprintf fprintf fputc fclose 69776->69788 69789 70a1c85c _errno strerror fprintf 69776->69789 69804 70a1abfd fputc 69777->69804 69791 70a19e0d GetProcAddress 69778->69791 69778->69899 69808 70a1b11d fputc 69779->69808 69780 70a1b884 _errno 69792 70a1b890 fprintf fprintf fputc fclose 69780->69792 69793 70a1cadc _errno strerror fprintf 69780->69793 69781->69686 69782 70a1b1cd fprintf 69810 70a1b1df fputc 69782->69810 69783 70a1cab3 fprintf 69783->69899 69784->69675 69843 70a1cfdd 69784->69843 69785->69786 69812 70a1b6b0 fprintf 69786->69812 69787 70a1c361 fprintf 69787->69899 69820 70a1c8db fprintf 69788->69820 69789->69788 69790->69732 69807 70a19e29 GetProcAddress 69791->69807 69791->69899 69825 70a1b8f4 fprintf 69792->69825 69793->69899 69794->69732 69795->69686 69796 70a1bd9e fprintf 69796->69732 69797 70a1c30a fprintf 69797->69737 69798->69686 69799 70a1af56 _errno 69813 70a1cc91 _errno strerror fprintf 69799->69813 69814 70a1af64 fprintf fprintf fputc fclose 69799->69814 69800 70a1bf4a _errno 69815 70a1cb33 _errno strerror fprintf 69800->69815 69800->69899 69801 70a1b7c6 _errno 69817 70a1ca85 _errno strerror fprintf 69801->69817 69801->69899 69802 70a1bbc7 _errno 69818 70a1bbd1 _errno strerror fprintf 69802->69818 69819 70a1bbec fprintf fprintf fputc fclose 69802->69819 70602 70a098a0 19 API calls 69803->70602 69804->69686 69805 70a1d181 fprintf 69805->69732 69806 70a1c4e5 fprintf 69806->69899 69807->69732 69822 70a19e3e GetProcAddress 69807->69822 69808->69675 69809 70a1c178 fprintf 69840 70a1c18a fputc 69809->69840 69810->69732 69811 70a1c26f _errno 69811->69790 69827 70a1c27b fprintf fprintf fputc fclose 69811->69827 69844 70a1b6c9 fputc 69812->69844 
69813->69899 69848 70a1afc8 fprintf 69814->69848 69815->69899 69816 70a1c7d8 fprintf 69816->69717 69817->69899 69818->69819 69851 70a1bc50 fprintf 69819->69851 69854 70a1c8f4 fputc 69820->69854 69822->69732 69837 70a19e53 GetProcAddress 69822->69837 69823 70a1c51c fprintf 69823->69899 69824 70a1d1e2 _errno 69838 70a21921 _errno strerror fprintf 69824->69838 69839 70a1d1f4 fprintf fprintf fputc fclose 69824->69839 69857 70a1b90d fputc 69825->69857 69826 70a1b5cd fprintf 69861 70a1b5df fputc 69826->69861 69863 70a1c2d8 fprintf 69827->69863 69829 70a1be70 _errno 69845 70a1d13a _errno strerror fprintf 69829->69845 69846 70a1be7c fprintf fprintf fputc fclose 69829->69846 69830 70a1c72a fprintf 69830->69703 69831 70a1baf4 _errno 69847 70a1bb03 _errno strerror fprintf 69831->69847 69831->69899 69832 70a1ba0e fprintf fprintf fputc fclose 69832->69899 69833 70a1b17e fprintf fprintf fputc fclose 69833->69899 69834 70a1c00b _errno 69852 70a1c035 fprintf fprintf fputc fclose 69834->69852 69853 70a1c01a _errno strerror fprintf 69834->69853 69835->69732 69836 70a1c955 fprintf 69836->69899 69855 70a19e6f GetProcAddress 69837->69855 69837->69899 69874 70a21941 _errno strerror fprintf 69838->69874 69871 70a1d251 fprintf 69839->69871 69840->69732 69841 70a1c9eb _errno 69858 70a1c9f6 fprintf fprintf fputc fclose 69841->69858 69859 70a1d83b _errno strerror fprintf 69841->69859 69842 70a1b9f4 _errno 69860 70a1ce25 _errno strerror fprintf 69842->69860 69842->69899 70604 70a04230 7 API calls 69843->70604 69844->69686 69845->69899 69878 70a1bee0 fprintf 69846->69878 69847->69899 69879 70a1afe1 fputc 69848->69879 69849 70a1c398 fprintf 69849->69899 69850 70a1c3f5 _errno 69865 70a1d375 _errno strerror fprintf 69850->69865 69866 70a1c408 fprintf fprintf fputc fclose 69850->69866 69880 70a1bc69 fputc 69851->69880 69881 70a1c099 fprintf 69852->69881 69853->69852 69854->69686 69855->69732 69870 70a19e84 GetProcAddress 69855->69870 69856 70a1d684 fprintf 69856->69899 69857->69686 69885 70a1ca5a 
fprintf 69858->69885 69859->69899 69860->69732 69861->69694 69862 70a1cb0a fprintf 69862->69815 69890 70a1c2ea fputc 69863->69890 69865->69899 69894 70a1c46c fprintf 69866->69894 69867 70a1ccbf fprintf 69867->69899 69868 70a1b44e 69868->69675 69869 70a1c6fa fprintf 69869->69899 69883 70a19ea0 GetProcAddress 69870->69883 69870->69899 69898 70a1d263 fputc 69871->69898 69872 70a1c644 _errno 69887 70a1d4fa _errno strerror fprintf 69872->69887 69888 70a1c64f fprintf fprintf fputc fclose 69872->69888 69873 70a1ba5d fprintf 69903 70a1ba6f fputc 69873->69903 69874->69899 69875 70a1d3a3 fprintf 69875->69899 69876 70a1cb61 fprintf 69876->69899 69877 70a1cff0 69891 70a1cffc _errno 69877->69891 69892 70a1d07f fprintf 69877->69892 69906 70a1bef9 fputc 69878->69906 69879->69686 69880->69686 69907 70a1c0b2 fputc 69881->69907 69882 70a1cd73 _errno 69895 70a1cd81 _errno strerror fprintf 69882->69895 69896 70a1cd9c fprintf fprintf fputc fclose 69882->69896 69897 70a19eb5 GetProcAddress 69883->69897 69883->69899 69884 70a1b562 _errno 69884->69899 69900 70a1c906 _errno strerror fprintf 69884->69900 69911 70a1ca73 fputc 69885->69911 69886 70a1cf3a fprintf 69886->69752 69919 70a1d51a _errno strerror fprintf 69887->69919 69914 70a1c6b3 fprintf 69888->69914 69889 70a1be04 _errno 69889->69899 69902 70a1be0e _errno strerror fprintf 69889->69902 69890->69899 69904 70a1d021 fprintf fputc fclose 69891->69904 69905 70a1d006 _errno strerror fprintf 69891->69905 69915 70a1d061 fputc 69892->69915 69893 70a1d111 fprintf 69893->69845 69920 70a1c485 fputc 69894->69920 69895->69896 69921 70a1cdfc fprintf 69896->69921 69897->69732 69908 70a19ed1 GetProcAddress 69897->69908 69898->69899 69899->69676 69899->69680 69899->69681 69899->69682 69899->69686 69899->69688 69899->69689 69899->69697 69899->69702 69899->69710 69899->69711 69899->69712 69899->69715 69899->69716 69899->69721 69899->69726 69899->69731 69899->69732 69899->69734 69899->69735 69899->69736 69899->69738 69899->69739 69899->69741 
69899->69745 69899->69748 69899->69749 69899->69750 69899->69751 69899->69760 69899->69761 69899->69762 69899->69764 69899->69769 69899->69770 69899->69773 69899->69776 69899->69780 69899->69782 69899->69783 69899->69787 69899->69796 69899->69797 69899->69799 69899->69800 69899->69801 69899->69802 69899->69805 69899->69806 69899->69809 69899->69811 69899->69816 69899->69823 69899->69824 69899->69826 69899->69829 69899->69830 69899->69831 69899->69832 69899->69833 69899->69834 69899->69836 69899->69841 69899->69842 69899->69849 69899->69850 69899->69856 69899->69862 69899->69867 69899->69868 69899->69869 69899->69872 69899->69873 69899->69875 69899->69876 69899->69882 69899->69884 69899->69886 69899->69889 69899->69893 69901 70a1d75c _errno 69899->69901 69909 70a1d6c2 fprintf 69899->69909 69910 70a1b57e fprintf fprintf fputc fclose 69899->69910 69916 70a1cbc0 _errno 69899->69916 69917 70a1d4d1 fprintf 69899->69917 69923 70a1ce7b _errno 69899->69923 69924 70a1e045 fprintf 69899->69924 69925 70a2196f fprintf 69899->69925 69926 70a1d3da fprintf 69899->69926 69927 70a1d422 _errno 69899->69927 69928 70a1d87a _errno 69899->69928 69934 70a1d2bb _errno 69899->69934 69941 70a1d548 fprintf 69899->69941 69944 70a1dba2 fprintf 69899->69944 69954 70a1d80b fprintf 69899->69954 69957 70a1dd71 GetProcAddress 69899->69957 69963 70a1d5be _errno 69899->69963 69966 70a1dc33 _errno 69899->69966 69967 70a219be _errno 69899->69967 69982 70a21d3b _errno 69899->69982 69983 70a1dcf9 fprintf 69899->69983 69984 70a21a84 fprintf 69899->69984 69989 70a1e132 _errno 69899->69989 69990 70a1df24 _errno 69899->69990 69992 70a1dcc0 fprintf 69899->69992 69995 70a21e01 fprintf 69899->69995 69996 70a21a4b fprintf 69899->69996 69997 70a1d96f _errno 69899->69997 70004 70a21e4d _errno 69899->70004 70005 70a1e1f8 fprintf 69899->70005 70006 70a1da35 fprintf 69899->70006 70007 70a21c10 _errno 69899->70007 70008 70a1dfea fprintf 69899->70008 70010 70a21dc8 fprintf 69899->70010 70015 70a1de12 _errno 69899->70015 
70018 70a21afe _errno 69899->70018 70019 70a1da81 _errno 69899->70019 70023 70a1e1bf fprintf 69899->70023 70024 70a21f13 fprintf 69899->70024 70025 70a1d9fc fprintf 69899->70025 70028 70a1ded8 fprintf 69899->70028 70031 70a1dfb1 fprintf 69899->70031 70032 70a21cd6 fprintf 69899->70032 70033 70a2182e _errno 69899->70033 70036 70a21bc4 fprintf 69899->70036 70037 70a2171c _errno 69899->70037 70038 70a1db47 fprintf 69899->70038 70043 70a21eda fprintf 69899->70043 70044 70a1de9f fprintf 69899->70044 70049 70a21c9d fprintf 69899->70049 70050 70a218f4 fprintf 69899->70050 70052 70a215dc _errno 69899->70052 70053 70a21b8b fprintf 69899->70053 70054 70a1db0e fprintf 69899->70054 70055 70a217e2 fprintf 69899->70055 70057 70a214ca _errno 69899->70057 70062 70a216a2 fprintf 69899->70062 70064 70a2138a _errno 69899->70064 70066 70a218bb fprintf 69899->70066 70071 70a21278 _errno 69899->70071 70072 70a217a9 fprintf 69899->70072 70078 70a21590 fprintf 69899->70078 70079 70a21669 fprintf 69899->70079 70083 70a21450 fprintf 69899->70083 70085 70a1b716 _errno 69899->70085 70086 70a21138 _errno 69899->70086 70088 70a2133e fprintf 69899->70088 70090 70a21026 _errno 69899->70090 70091 70a21557 fprintf 69899->70091 70096 70a211fe fprintf 69899->70096 70097 70a20ee6 _errno 69899->70097 70098 70a21417 fprintf 69899->70098 70103 70a20dd4 _errno 69899->70103 70104 70a21305 fprintf 69899->70104 70109 70a210ec fprintf 69899->70109 70110 70a211c5 fprintf 69899->70110 70114 70a20fac fprintf 69899->70114 70116 70a20c94 _errno 69899->70116 70118 70a20e9a fprintf 69899->70118 70120 70a20b82 _errno 69899->70120 70122 70a210b3 fprintf 69899->70122 70126 70a20d5a fprintf 69899->70126 70127 70a20a42 _errno 69899->70127 70128 70a20f73 fprintf 69899->70128 70132 70a20930 _errno 69899->70132 70133 70a20e61 fprintf 69899->70133 70138 70a20c48 fprintf 69899->70138 70139 70a20d21 fprintf 69899->70139 70142 70a1b164 _errno 69899->70142 70144 70a20b08 fprintf 69899->70144 70147 70a207f0 _errno 69899->70147 
70150 70a209f6 fprintf 69899->70150 70151 70a206de _errno 69899->70151 70152 70a20c0f fprintf 69899->70152 70157 70a208b6 fprintf 69899->70157 70158 70a2059e _errno 69899->70158 70159 70a20acf fprintf 69899->70159 70163 70a2048c _errno 69899->70163 70164 70a209bd fprintf 69899->70164 70167 70a1b309 _errno 69899->70167 70170 70a207a4 fprintf 69899->70170 70171 70a2087d fprintf 69899->70171 70175 70a20664 fprintf 69899->70175 70177 70a2034c _errno 69899->70177 70179 70a20552 fprintf 69899->70179 70180 70a2023a _errno 69899->70180 70181 70a2076b fprintf 69899->70181 70186 70a20412 fprintf 69899->70186 70187 70a200fa _errno 69899->70187 70188 70a2062b fprintf 69899->70188 70193 70a1ffe8 _errno 69899->70193 70194 70a20519 fprintf 69899->70194 70195 70a1c59b _errno 69899->70195 70199 70a20300 fprintf 69899->70199 70201 70a203d9 fprintf 69899->70201 70205 70a201c0 fprintf 69899->70205 70207 70a1fea8 _errno 69899->70207 70209 70a200ae fprintf 69899->70209 70210 70a1b956 _errno 69899->70210 70211 70a1fd96 _errno 69899->70211 70213 70a202c7 fprintf 69899->70213 70217 70a1d0c1 fprintf 69899->70217 70219 70a1ff6e fprintf 69899->70219 70221 70a1fc56 _errno 69899->70221 70222 70a20187 fprintf 69899->70222 70226 70a1fb44 _errno 69899->70226 70227 70a20075 fprintf 69899->70227 70231 70a1fe5c fprintf 69899->70231 70233 70a1ff35 fprintf 69899->70233 70237 70a1fd1c fprintf 69899->70237 70239 70a1fa04 _errno 69899->70239 70243 70a1fc0a fprintf 69899->70243 70244 70a1f8f2 _errno 69899->70244 70245 70a1fe23 fprintf 69899->70245 70250 70a1faca fprintf 69899->70250 70251 70a1f7b2 _errno 69899->70251 70252 70a1fce3 fprintf 69899->70252 70256 70a1f6a0 _errno 69899->70256 70257 70a1fbd1 fprintf 69899->70257 70261 70a1f9b8 fprintf 69899->70261 70263 70a1fa91 fprintf 69899->70263 70268 70a1f878 fprintf 69899->70268 70269 70a1f560 _errno 69899->70269 70272 70a1f766 fprintf 69899->70272 70273 70a1f44e _errno 69899->70273 70274 70a1f97f fprintf 69899->70274 70280 70a1f626 fprintf 69899->70280 
70281 70a1f30e _errno 69899->70281 70282 70a1f83f fprintf 69899->70282 70286 70a1f1fc _errno 69899->70286 70287 70a1f72d fprintf 69899->70287 70291 70a1f514 fprintf 69899->70291 70292 70a1f5ed fprintf 69899->70292 70297 70a1f3d4 fprintf 69899->70297 70298 70a1f0bc _errno 69899->70298 70302 70a1f2c2 fprintf 69899->70302 70303 70a1efaa _errno 69899->70303 70304 70a1f4db fprintf 69899->70304 70308 70a1f182 fprintf 69899->70308 70310 70a1ee6a _errno 69899->70310 70311 70a1f39b fprintf 69899->70311 70317 70a1ed58 _errno 69899->70317 70318 70a1f289 fprintf 69899->70318 70322 70a1f070 fprintf 69899->70322 70323 70a1f149 fprintf 69899->70323 70329 70a1ef30 fprintf 69899->70329 70330 70a1ec18 _errno 69899->70330 70334 70a1ee1e fprintf 69899->70334 70335 70a1eb06 _errno 69899->70335 70336 70a1f037 fprintf 69899->70336 70340 70a1ecde fprintf 69899->70340 70343 70a1e9c6 _errno 69899->70343 70344 70a1eef7 fprintf 69899->70344 70350 70a1ede5 fprintf 69899->70350 70356 70a1ebcc fprintf 69899->70356 70357 70a1eca5 fprintf 69899->70357 70358 70a1e8b4 _errno 69899->70358 70362 70a1ea8c fprintf 69899->70362 70369 70a1eb93 fprintf 69899->70369 70370 70a1e758 _errno 69899->70370 70372 70a1e97a fprintf 69899->70372 70373 70a1ea53 fprintf 69899->70373 70374 70a1e646 _errno 69899->70374 70378 70a1e81e fprintf 69899->70378 70379 70a1e4ce _errno 69899->70379 70384 70a1e3bc _errno 69899->70384 70385 70a1e941 fprintf 69899->70385 70389 70a1e70c fprintf 69899->70389 70390 70a1e7e5 fprintf 69899->70390 70393 70a1e594 fprintf 69899->70393 70394 70a1e482 fprintf 69899->70394 70396 70a1e6d3 fprintf 69899->70396 70397 70a1e244 _errno 69899->70397 70399 70a1e55b fprintf 69899->70399 70402 70a1e30a fprintf 69899->70402 70403 70a1e449 fprintf 69899->70403 70407 70a1e2d1 fprintf 69899->70407 69900->69899 69912 70a1e017 _errno strerror fprintf 69901->69912 69913 70a1d76e fprintf fprintf fputc fclose 69901->69913 69902->69899 69903->69732 69904->69915 69905->69904 69906->69686 69907->69686 69908->69899 
69922 70a19eed GetProcAddress 69908->69922 69909->69732 69910->69899 69911->69686 69912->69899 69935 70a1d7d2 fprintf 69913->69935 69936 70a1c6cc fputc 69914->69936 69915->69675 69929 70a1cbe2 fprintf fprintf fputc fclose 69916->69929 69930 70a1cbc7 _errno strerror fprintf 69916->69930 69917->69887 69919->69899 69920->69686 69942 70a1ce13 fputc 69921->69942 69922->69732 69931 70a19f02 GetProcAddress 69922->69931 69932 70a1ce82 _errno strerror fprintf 69923->69932 69933 70a1ce9d fprintf fprintf fputc fclose 69923->69933 69945 70a1e075 GetProcAddress 69924->69945 69925->69899 69926->69899 69927->69874 69937 70a1d434 fprintf fprintf fputc fclose 69927->69937 69938 70a1db74 _errno strerror fprintf 69928->69938 69939 70a1d88c fprintf fprintf fputc fclose 69928->69939 69948 70a1cc46 fprintf 69929->69948 69930->69929 69931->69899 69943 70a19f1e GetProcAddress 69931->69943 69932->69933 69952 70a1cf01 fprintf 69933->69952 69946 70a1dd26 _errno strerror fprintf 69934->69946 69947 70a1d2cd fprintf fprintf fputc fclose 69934->69947 69953 70a1d7eb fputc 69935->69953 69936->69686 69955 70a1d498 fprintf 69937->69955 69938->69899 69956 70a1d8f0 fprintf 69939->69956 69941->69732 69942->69675 69943->69899 69949 70a19f3a GetProcAddress 69943->69949 69944->69732 69950 70a1e091 GetProcAddress 69945->69950 69951 70a1a4b9 GetProcAddress 69945->69951 69961 70a1dd46 GetProcAddress 69946->69961 69960 70a1d331 fprintf 69947->69960 69962 70a1cc5f fputc 69948->69962 69949->69732 69959 70a19f56 GetProcAddress 69949->69959 69950->69899 69950->69951 69951->69957 69958 70a1a4d5 GetProcAddress 69951->69958 69965 70a1cf1a fputc 69952->69965 69953->69686 69954->69859 69969 70a1d4b1 fputc 69955->69969 69970 70a1d909 fputc 69956->69970 69957->69958 69968 70a1dd8d GetProcAddress 69957->69968 69958->69732 69958->69961 69959->69899 69964 70a19f72 GetProcAddress 69959->69964 69974 70a1d34a fputc 69960->69974 69961->69899 69962->69686 69971 70a1d5e7 fprintf fprintf fputc fclose 69963->69971 69972 70a1d5cc 
_errno strerror fprintf 69963->69972 69964->69899 69973 70a19f8e GetProcAddress 69964->69973 69965->69686 69975 70a1dc41 _errno strerror fprintf 69966->69975 69976 70a1dc5c fprintf fprintf fputc fclose 69966->69976 69977 70a219e7 fprintf fprintf fputc fclose 69967->69977 69978 70a219cc _errno strerror fprintf 69967->69978 69968->69958 69979 70a1dda9 GetProcAddress 69968->69979 69969->69686 69970->69686 69985 70a1d64b fprintf 69971->69985 69972->69971 69973->69899 69981 70a19faa GetProcAddress 69973->69981 69974->69686 69975->69976 69976->69899 69977->69899 69978->69977 69979->69899 69979->69958 69980->69732 69980->69899 69981->69899 69986 70a19fc6 GetProcAddress 69981->69986 69987 70a21d64 fprintf fprintf fputc fclose 69982->69987 69988 70a21d49 _errno strerror fprintf 69982->69988 69983->69899 69984->69899 70002 70a1d664 fputc 69985->70002 69986->69899 69991 70a19fdb GetProcAddress 69986->69991 69987->69899 69988->69987 69993 70a1e140 _errno strerror fprintf 69989->69993 69994 70a1e15b fprintf fprintf fputc fclose 69989->69994 70000 70a1df32 _errno strerror fprintf 69990->70000 70001 70a1df4d fprintf fprintf fputc fclose 69990->70001 69991->69899 70003 70a19ff7 GetProcAddress 69991->70003 70011 70a1dcd9 fputc 69992->70011 69993->69994 69994->69899 69995->69899 70014 70a21a64 fputc 69996->70014 69998 70a1d998 fprintf fprintf fputc fclose 69997->69998 69999 70a1d97d _errno strerror fprintf 69997->69999 69998->69899 69999->69998 70000->70001 70001->69899 70002->69686 70003->69899 70009 70a1a00c GetProcAddress 70003->70009 70012 70a21e76 fprintf fprintf fputc fclose 70004->70012 70013 70a21e5b _errno strerror fprintf 70004->70013 70005->69899 70006->69899 70020 70a21c39 fprintf fprintf fputc fclose 70007->70020 70021 70a21c1e _errno strerror fprintf 70007->70021 70008->69899 70009->69899 70022 70a1a021 GetProcAddress 70009->70022 70035 70a21de1 fputc 70010->70035 70011->69686 70012->69899 70013->70012 70014->69686 70016 70a1de20 _errno strerror fprintf 70015->70016 
70017 70a1de3b fprintf fprintf fputc fclose 70015->70017 70016->70017 70017->69899 70026 70a21b27 fprintf fprintf fputc fclose 70018->70026 70027 70a21b0c _errno strerror fprintf 70018->70027 70029 70a1daaa fprintf fprintf fputc fclose 70019->70029 70030 70a1da8f _errno strerror fprintf 70019->70030 70020->69899 70021->70020 70022->69899 70034 70a1a03d GetProcAddress 70022->70034 70042 70a1e1d8 fputc 70023->70042 70024->69899 70045 70a1da15 fputc 70025->70045 70026->69899 70027->70026 70028->69899 70029->69899 70030->70029 70048 70a1dfca fputc 70031->70048 70032->69899 70039 70a21857 fprintf fprintf fputc fclose 70033->70039 70040 70a2183c _errno strerror fprintf 70033->70040 70034->69899 70041 70a1a059 GetProcAddress 70034->70041 70035->69686 70036->69899 70046 70a21745 fprintf fprintf fputc fclose 70037->70046 70047 70a2172a _errno strerror fprintf 70037->70047 70038->69899 70039->69899 70040->70039 70041->69899 70051 70a1a075 GetProcAddress 70041->70051 70042->69686 70058 70a21ef3 fputc 70043->70058 70061 70a1deb8 fputc 70044->70061 70045->69686 70046->69899 70047->70046 70048->69686 70063 70a21cb6 fputc 70049->70063 70050->69899 70051->69899 70056 70a1a091 GetProcAddress 70051->70056 70059 70a21605 fprintf fprintf fputc fclose 70052->70059 70060 70a215ea _errno strerror fprintf 70052->70060 70070 70a21ba4 fputc 70053->70070 70073 70a1db27 fputc 70054->70073 70055->69899 70056->69899 70067 70a1a0ad GetProcAddress 70056->70067 70068 70a214f3 fprintf fprintf fputc fclose 70057->70068 70069 70a214d8 _errno strerror fprintf 70057->70069 70058->69686 70059->69899 70060->70059 70061->69686 70062->69899 70063->69686 70074 70a213b3 fprintf fprintf fputc fclose 70064->70074 70075 70a21398 _errno strerror fprintf 70064->70075 70409 70a2d4b0 70065->70409 70082 70a218d4 fputc 70066->70082 70067->69899 70077 70a1a0c9 GetProcAddress 70067->70077 70068->69899 70069->70068 70070->69686 70080 70a212a1 fprintf fprintf fputc fclose 70071->70080 70081 70a21286 _errno strerror 
fprintf 70071->70081 70087 70a217c2 fputc 70072->70087 70073->69686 70074->69899 70075->70074 70077->69899 70084 70a1a0e5 GetProcAddress 70077->70084 70078->69899 70095 70a21682 fputc 70079->70095 70080->69899 70081->70080 70082->69686 70083->69899 70084->69899 70089 70a1a101 GetProcAddress 70084->70089 70085->69899 70092 70a1b71e _errno strerror fprintf 70085->70092 70093 70a21161 fprintf fprintf fputc fclose 70086->70093 70094 70a21146 _errno strerror fprintf 70086->70094 70087->69686 70088->69899 70089->69899 70100 70a1a116 GetProcAddress 70089->70100 70101 70a21034 _errno strerror fprintf 70090->70101 70102 70a2104f fprintf fprintf fputc fclose 70090->70102 70108 70a21570 fputc 70091->70108 70092->69899 70093->69899 70094->70093 70095->69686 70096->69899 70105 70a20ef4 _errno strerror fprintf 70097->70105 70106 70a20f0f fprintf fprintf fputc fclose 70097->70106 70113 70a21430 fputc 70098->70113 70099->69732 70100->69899 70107 70a1a132 GetProcAddress 70100->70107 70101->70102 70102->69899 70111 70a20de2 _errno strerror fprintf 70103->70111 70112 70a20dfd fprintf fprintf fputc fclose 70103->70112 70117 70a2131e fputc 70104->70117 70105->70106 70106->69899 70107->69899 70115 70a1a14e GetProcAddress 70107->70115 70108->69686 70109->69899 70125 70a211de fputc 70110->70125 70111->70112 70112->69899 70113->69686 70114->69899 70115->69899 70121 70a1a16a GetProcAddress 70115->70121 70123 70a20ca2 _errno strerror fprintf 70116->70123 70124 70a20cbd fprintf fprintf fputc fclose 70116->70124 70117->69686 70118->69899 70129 70a20b90 _errno strerror fprintf 70120->70129 70130 70a20bab fprintf fprintf fputc fclose 70120->70130 70121->69899 70131 70a1a186 GetProcAddress 70121->70131 70137 70a210cc fputc 70122->70137 70123->70124 70124->69899 70125->69686 70126->69899 70134 70a20a50 _errno strerror fprintf 70127->70134 70135 70a20a6b fprintf fprintf fputc fclose 70127->70135 70143 70a20f8c fputc 70128->70143 70129->70130 70130->69899 70131->69899 70136 70a1a1a2 GetProcAddress 
70131->70136 70140 70a20959 fprintf fprintf fputc fclose 70132->70140 70141 70a2093e _errno strerror fprintf 70132->70141 70148 70a20e7a fputc 70133->70148 70134->70135 70135->69899 70136->69899 70146 70a1a1be GetProcAddress 70136->70146 70137->69686 70138->69899 70156 70a20d3a fputc 70139->70156 70140->69899 70141->70140 70142->69899 70149 70a1c545 _errno strerror fprintf 70142->70149 70143->69686 70144->69899 70146->69899 70153 70a1a1d3 GetProcAddress 70146->70153 70154 70a20819 fprintf fprintf fputc fclose 70147->70154 70155 70a207fe _errno strerror fprintf 70147->70155 70148->69686 70149->69732 70150->69899 70160 70a20707 fprintf fprintf fputc fclose 70151->70160 70161 70a206ec _errno strerror fprintf 70151->70161 70168 70a20c28 fputc 70152->70168 70153->69899 70162 70a1a1e8 GetProcAddress 70153->70162 70154->69899 70155->70154 70156->69686 70157->69899 70165 70a205c7 fprintf fprintf fputc fclose 70158->70165 70166 70a205ac _errno strerror fprintf 70158->70166 70174 70a20ae8 fputc 70159->70174 70160->69899 70161->70160 70162->69899 70169 70a1a204 GetProcAddress 70162->70169 70172 70a204b5 fprintf fprintf fputc fclose 70163->70172 70173 70a2049a _errno strerror fprintf 70163->70173 70178 70a209d6 fputc 70164->70178 70165->69899 70166->70165 70167->69763 70167->69899 70168->69686 70169->69899 70176 70a1a220 GetProcAddress 70169->70176 70170->69899 70185 70a20896 fputc 70171->70185 70172->69899 70173->70172 70174->69686 70175->69899 70176->69899 70182 70a1a23c GetProcAddress 70176->70182 70183 70a20375 fprintf fprintf fputc fclose 70177->70183 70184 70a2035a _errno strerror fprintf 70177->70184 70178->69686 70179->69899 70189 70a20263 fprintf fprintf fputc fclose 70180->70189 70190 70a20248 _errno strerror fprintf 70180->70190 70198 70a20784 fputc 70181->70198 70182->69899 70192 70a1a258 GetProcAddress 70182->70192 70183->69899 70184->70183 70185->69686 70186->69899 70196 70a20123 fprintf fprintf fputc fclose 70187->70196 70197 70a20108 _errno strerror fprintf 
70187->70197 70204 70a20644 fputc 70188->70204 70189->69899 70190->70189 70191->69732 70192->69899 70200 70a1a26d GetProcAddress 70192->70200 70202 70a20011 fprintf fprintf fputc fclose 70193->70202 70203 70a1fff6 _errno strerror fprintf 70193->70203 70208 70a20532 fputc 70194->70208 70195->69899 70195->69919 70196->69899 70197->70196 70198->69686 70199->69899 70200->69899 70206 70a1a289 GetProcAddress 70200->70206 70218 70a203f2 fputc 70201->70218 70202->69899 70203->70202 70204->69686 70205->69899 70206->69899 70214 70a1a2a5 GetProcAddress 70206->70214 70215 70a1fed1 fprintf fprintf fputc fclose 70207->70215 70216 70a1feb6 _errno strerror fprintf 70207->70216 70208->69686 70209->69899 70210->69899 70220 70a1cc71 _errno strerror fprintf 70210->70220 70223 70a1fda4 _errno strerror fprintf 70211->70223 70224 70a1fdbf fprintf fprintf fputc fclose 70211->70224 70230 70a202e0 fputc 70213->70230 70214->69899 70225 70a1a2ba GetProcAddress 70214->70225 70215->69899 70216->70215 70217->69899 70218->69686 70219->69899 70220->69813 70228 70a1fc64 _errno strerror fprintf 70221->70228 70229 70a1fc7f fprintf fprintf fputc fclose 70221->70229 70236 70a201a0 fputc 70222->70236 70223->70224 70224->69899 70225->69899 70232 70a1a2d6 GetProcAddress 70225->70232 70234 70a1fb52 _errno strerror fprintf 70226->70234 70235 70a1fb6d fprintf fprintf fputc fclose 70226->70235 70242 70a2008e fputc 70227->70242 70228->70229 70229->69899 70230->69686 70231->69899 70232->69899 70240 70a1a2f2 GetProcAddress 70232->70240 70249 70a1ff4e fputc 70233->70249 70234->70235 70235->69899 70236->69686 70237->69899 70246 70a1fa12 _errno strerror fprintf 70239->70246 70247 70a1fa2d fprintf fprintf fputc fclose 70239->70247 70240->69899 70241 70a1a30e GetProcAddress 70240->70241 70241->69899 70248 70a1a32a GetProcAddress 70241->70248 70242->69686 70243->69899 70253 70a1f900 _errno strerror fprintf 70244->70253 70254 70a1f91b fprintf fprintf fputc fclose 70244->70254 70260 70a1fe3c fputc 70245->70260 
71503->71500 71508 7ff7227fa4c4 71504->71508 71505 7ff7227fa547 71687 7ff7227efc70 13 API calls _invalid_parameter_noinfo 71505->71687 71507 7ff7227fa54c 71688 7ff7227f5964 30 API calls _invalid_parameter_noinfo 71507->71688 71508->71505 71509 7ff7227fa508 71508->71509 71686 7ff7227fa3a0 61 API calls _fread_nolock 71509->71686 71512 7ff7227e351b 71513 7ff7227e1ae0 71512->71513 71514 7ff7227e1af5 71513->71514 71515 7ff7227e1b10 71514->71515 71689 7ff7227e24c0 40 API calls 3 library calls 71514->71689 71515->71437 71517 7ff7227e3a40 71515->71517 71690 7ff7227ea620 71517->71690 71520 7ff7227e3a92 71693 7ff7227e75a0 18 API calls 71520->71693 71521 7ff7227e3a7b 71692 7ff7227e2610 16 API calls 2 library calls 71521->71692 71524 7ff7227e3a8e 71527 7ff7227ea5f0 _handle_error 8 API calls 71524->71527 71525 7ff7227e3aa5 71525->71524 71694 7ff7227e2760 18 API calls 2 library calls 71525->71694 71528 7ff7227e3acf 71527->71528 71528->71406 71530 7ff7227e64ea 71529->71530 71531 7ff7227e7490 16 API calls 71530->71531 71532 7ff7227e650c GetEnvironmentVariableW 71531->71532 71533 7ff7227e6524 ExpandEnvironmentStringsW 71532->71533 71534 7ff7227e6576 71532->71534 71695 7ff7227e75a0 18 API calls 71533->71695 71535 7ff7227ea5f0 _handle_error 8 API calls 71534->71535 71537 7ff7227e6588 71535->71537 71537->71408 71538 7ff7227e654c 71538->71534 71539 7ff7227e6556 71538->71539 71696 7ff7227f4ba8 30 API calls _wfindfirst32i64 71539->71696 71541 7ff7227e655e 71542 7ff7227ea5f0 _handle_error 8 API calls 71541->71542 71543 7ff7227e656e 71542->71543 71543->71408 71545 7ff7227e7490 16 API calls 71544->71545 71546 7ff7227e6a97 SetEnvironmentVariableW 71545->71546 71547 7ff7227ef95c __vcrt_freefls 14 API calls 71546->71547 71548 7ff7227e35ea 71547->71548 71549 7ff7227e19c0 71548->71549 71550 7ff7227e19f0 71549->71550 71554 7ff7227e1a6a 71550->71554 71697 7ff7227e17a0 71550->71697 71553 7ff7227ec8c4 64 API calls 71553->71554 71554->71417 71554->71420 71556 7ff7227e74b1 MultiByteToWideChar 
71555->71556 71557 7ff7227e7537 MultiByteToWideChar 71555->71557 71560 7ff7227e74fc 71556->71560 71561 7ff7227e74d7 71556->71561 71558 7ff7227e757f 71557->71558 71559 7ff7227e755a 71557->71559 71558->71427 71761 7ff7227e2610 16 API calls 2 library calls 71559->71761 71560->71557 71566 7ff7227e7512 71560->71566 71759 7ff7227e2610 16 API calls 2 library calls 71561->71759 71564 7ff7227e756d 71564->71427 71565 7ff7227e74ea 71565->71427 71760 7ff7227e2610 16 API calls 2 library calls 71566->71760 71568 7ff7227e7525 71568->71427 71570 7ff7227e59e5 71569->71570 71571 7ff7227e3752 71570->71571 71762 7ff7227e24c0 40 API calls 3 library calls 71570->71762 71571->71438 71671 7ff7227e56b0 105 API calls 2 library calls 71571->71671 71763 7ff7227e4770 71573->71763 71576 7ff7227e2ebd 71576->71466 71578 7ff7227e2e94 71578->71576 71811 7ff7227e4540 71578->71811 71580 7ff7227e2ea0 71580->71576 71822 7ff7227e4670 71580->71822 71620 7ff7227e2f43 71614->71620 71623 7ff7227e2f84 71614->71623 71615 7ff7227e2fc3 71616 7ff7227ea5f0 _handle_error 8 API calls 71615->71616 71618 7ff7227e2fd5 71616->71618 71618->71437 71679 7ff7227e6a10 40 API calls __vcrt_freefls 71618->71679 71620->71623 71958 7ff7227e2980 71620->71958 72002 7ff7227e1440 144 API calls 2 library calls 71620->72002 72004 7ff7227e1770 18 API calls 71620->72004 71623->71615 72003 7ff7227e1aa0 65 API calls __vcrt_freefls 71623->72003 71625 7ff7227f59cc 71624->71625 71626 7ff7227f59d1 HeapFree 71625->71626 71627 7ff7227e35c9 71625->71627 71626->71627 71628 7ff7227f59ec 71626->71628 71627->71421 72076 7ff7227efc70 13 API calls _invalid_parameter_noinfo 71628->72076 71630->71437 71632 7ff7227ea5f9 71631->71632 71633 7ff7227ea910 IsProcessorFeaturePresent 71632->71633 71634 7ff7227e3650 71632->71634 71635 7ff7227ea928 71633->71635 71634->71484 72077 7ff7227eab04 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 71635->72077 71637 7ff7227ea93b 72078 7ff7227ea8dc SetUnhandledExceptionFilter UnhandledExceptionFilter 
GetCurrentProcess TerminateProcess 71637->72078 71641 7ff7227e3b5c 71640->71641 71642 7ff7227e7490 16 API calls 71641->71642 71643 7ff7227e3b87 71642->71643 71644 7ff7227e7490 16 API calls 71643->71644 71645 7ff7227e3b9a 71644->71645 72079 7ff7227f0c88 71645->72079 71648 7ff7227ea5f0 _handle_error 8 API calls 71649 7ff7227e367c 71648->71649 71649->71451 71650 7ff7227e6cf0 71649->71650 71654 7ff7227e6d14 71650->71654 71651 7ff7227e6deb 71652 7ff7227ef95c __vcrt_freefls 14 API calls 71651->71652 71653 7ff7227e36b2 71652->71653 71653->71417 71653->71447 71654->71651 71655 7ff7227ecbe0 _fread_nolock 46 API calls 71654->71655 71655->71654 71657 7ff7227ec8db 71656->71657 71658 7ff7227ec8f9 71656->71658 72281 7ff7227efc70 13 API calls _invalid_parameter_noinfo 71657->72281 71659 7ff7227ec8eb 71658->71659 72280 7ff7227efba0 EnterCriticalSection 71658->72280 71659->71451 71662 7ff7227ec8e0 72282 7ff7227f5964 30 API calls _invalid_parameter_noinfo 71662->72282 71668->71437 71669->71419 71670->71437 71671->71444 71672->71452 71673->71460 71674->71468 71675->71438 71676->71443 71677->71471 71678->71437 71679->71461 71680->71474 71681->71476 71682->71478 71683->71479 71684->71482 71685->71500 71686->71512 71687->71507 71688->71512 71689->71515 71691 7ff7227e3a4c GetModuleFileNameW 71690->71691 71691->71520 71691->71521 71692->71524 71693->71525 71694->71524 71695->71538 71696->71541 71698 7ff7227e17c4 71697->71698 71701 7ff7227e17d4 71697->71701 71699 7ff7227e3b50 98 API calls 71698->71699 71699->71701 71700 7ff7227e6cf0 47 API calls 71703 7ff7227e1805 71700->71703 71701->71700 71726 7ff7227e1832 71701->71726 71702 7ff7227ea5f0 _handle_error 8 API calls 71704 7ff7227e19b0 71702->71704 71705 7ff7227e181f 71703->71705 71706 7ff7227e183c 71703->71706 71703->71726 71704->71553 71704->71554 71736 7ff7227e24c0 40 API calls 3 library calls 71705->71736 71727 7ff7227ecbe0 71706->71727 71709 7ff7227e1857 71737 7ff7227e24c0 40 API calls 3 library calls 71709->71737 71711 7ff7227e1851 
71711->71709 71712 7ff7227e18d3 71711->71712 71713 7ff7227e18ee 71711->71713 71738 7ff7227e24c0 40 API calls 3 library calls 71712->71738 71714 7ff7227ecbe0 _fread_nolock 46 API calls 71713->71714 71716 7ff7227e1903 71714->71716 71716->71709 71717 7ff7227e1915 71716->71717 71730 7ff7227ec954 71717->71730 71720 7ff7227e192d 71739 7ff7227e2760 18 API calls 2 library calls 71720->71739 71722 7ff7227e1983 71723 7ff7227ec8c4 64 API calls 71722->71723 71722->71726 71723->71726 71724 7ff7227e1940 71724->71722 71740 7ff7227e2760 18 API calls 2 library calls 71724->71740 71726->71702 71741 7ff7227ecc00 71727->71741 71731 7ff7227ec95d 71730->71731 71733 7ff7227e1929 71730->71733 71757 7ff7227efc70 13 API calls _invalid_parameter_noinfo 71731->71757 71733->71720 71733->71724 71734 7ff7227ec962 71758 7ff7227f5964 30 API calls _invalid_parameter_noinfo 71734->71758 71736->71726 71737->71726 71738->71726 71739->71726 71740->71722 71742 7ff7227ecc2a 71741->71742 71743 7ff7227ecbf8 71741->71743 71742->71743 71744 7ff7227ecc76 71742->71744 71745 7ff7227ecc39 __scrt_get_show_window_mode 71742->71745 71743->71711 71754 7ff7227efba0 EnterCriticalSection 71744->71754 71755 7ff7227efc70 13 API calls _invalid_parameter_noinfo 71745->71755 71750 7ff7227ecc4e 71756 7ff7227f5964 30 API calls _invalid_parameter_noinfo 71750->71756 71755->71750 71756->71743 71757->71734 71758->71733 71759->71565 71760->71568 71761->71564 71762->71571 71764 7ff7227e4780 71763->71764 71765 7ff7227e47bb 71764->71765 71768 7ff7227e47db 71764->71768 71874 7ff7227e2760 18 API calls 2 library calls 71765->71874 71767 7ff7227e47d1 71770 7ff7227ea5f0 _handle_error 8 API calls 71767->71770 71769 7ff7227e481a 71768->71769 71771 7ff7227e4832 71768->71771 71875 7ff7227e2760 18 API calls 2 library calls 71768->71875 71863 7ff7227e3ae0 71769->71863 71775 7ff7227e2e7e 71770->71775 71772 7ff7227e4869 71771->71772 71876 7ff7227e2760 18 API calls 2 library calls 71771->71876 71869 7ff7227e6ca0 71772->71869 71775->71576 71785 
7ff7227e4af0 71775->71785 71780 7ff7227e487b 71877 7ff7227e2610 16 API calls 2 library calls 71780->71877 71781 7ff7227e489d 71878 7ff7227e3c90 70 API calls 71781->71878 71784 7ff7227e6ca0 31 API calls 71784->71771 71786 7ff7227e7490 16 API calls 71785->71786 71787 7ff7227e4b12 71786->71787 71788 7ff7227e4b2e 71787->71788 71789 7ff7227e4b17 71787->71789 71792 7ff7227e7490 16 API calls 71788->71792 71905 7ff7227e2760 18 API calls 2 library calls 71789->71905 71791 7ff7227e4b23 71791->71578 71794 7ff7227e4b5c 71792->71794 71796 7ff7227e4c03 71794->71796 71797 7ff7227e4bde 71794->71797 71809 7ff7227e4b61 71794->71809 71795 7ff7227e4cd7 71795->71578 71799 7ff7227e7490 16 API calls 71796->71799 71906 7ff7227e2760 18 API calls 2 library calls 71797->71906 71801 7ff7227e4c1c 71799->71801 71800 7ff7227e4bf3 71800->71578 71801->71809 71879 7ff7227e48d0 71801->71879 71810 7ff7227e4cc0 71809->71810 71908 7ff7227e2760 18 API calls 2 library calls 71809->71908 71810->71578 71812 7ff7227e4557 71811->71812 71812->71812 71813 7ff7227e4579 71812->71813 71821 7ff7227e4590 71812->71821 71923 7ff7227e2760 18 API calls 2 library calls 71813->71923 71815 7ff7227e4585 71815->71580 71816 7ff7227e465d 71816->71580 71818 7ff7227e12b0 105 API calls 71818->71821 71820 7ff7227ef95c __vcrt_freefls 14 API calls 71820->71821 71821->71816 71821->71818 71821->71820 71924 7ff7227e2760 18 API calls 2 library calls 71821->71924 71925 7ff7227e1770 18 API calls 71821->71925 71823 7ff7227e474d 71822->71823 71824 7ff7227e468b 71822->71824 71824->71823 71824->71824 71826 7ff7227e2760 18 API calls 71824->71826 71926 7ff7227e1770 18 API calls 71824->71926 71826->71824 71864 7ff7227e3aea 71863->71864 71865 7ff7227e7490 16 API calls 71864->71865 71866 7ff7227e3b12 71865->71866 71867 7ff7227ea5f0 _handle_error 8 API calls 71866->71867 71868 7ff7227e3b3a 71867->71868 71868->71771 71868->71784 71870 7ff7227e7490 16 API calls 71869->71870 71871 7ff7227e6cb7 LoadLibraryExW 71870->71871 71872 7ff7227ef95c 
__vcrt_freefls 14 API calls 71871->71872 71873 7ff7227e4876 71872->71873 71873->71780 71873->71781 71874->71767 71875->71769 71876->71772 71877->71767 71878->71767 71880 7ff7227e48ea mbstowcs 71879->71880 71884 7ff7227e49f8 71880->71884 71886 7ff7227e4ace 71880->71886 71904 7ff7227e4a96 71880->71904 71909 7ff7227e1770 18 API calls 71880->71909 71881 7ff7227ea5f0 _handle_error 8 API calls 71883 7ff7227e4ab5 71881->71883 71907 7ff7227e7690 32 API calls __vcrt_freefls 71883->71907 71884->71904 71910 7ff7227f4c20 71884->71910 71920 7ff7227e2760 18 API calls 2 library calls 71886->71920 71904->71881 71905->71791 71906->71800 71908->71795 71909->71880 71911 7ff7227f4c29 71910->71911 71913 7ff7227e4a0f 71910->71913 71921 7ff7227efc70 13 API calls _invalid_parameter_noinfo 71911->71921 71916 7ff7227f0f20 32 API calls 3 library calls 71913->71916 71920->71904 71923->71815 71924->71821 71925->71821 71926->71824 71959 7ff7227e2996 71958->71959 71960 7ff7227e2db9 71959->71960 72005 7ff7227e2dd0 71959->72005 71963 7ff7227e2ad7 72011 7ff7227e6270 80 API calls 71963->72011 71964 7ff7227e2dd0 55 API calls 71966 7ff7227e2ad3 71964->71966 71966->71963 71968 7ff7227e2b45 71966->71968 71967 7ff7227e2adf 71969 7ff7227e2afc 71967->71969 72012 7ff7227e6150 117 API calls 2 library calls 71967->72012 71970 7ff7227e2dd0 55 API calls 71968->71970 72001 7ff7227e2b16 71969->72001 72013 7ff7227e2760 18 API calls 2 library calls 71969->72013 71972 7ff7227e2b6e 71970->71972 71974 7ff7227e2bc8 71972->71974 71975 7ff7227e2dd0 55 API calls 71972->71975 71974->71969 72014 7ff7227e6270 80 API calls 71974->72014 71977 7ff7227e2b9b 71975->71977 71977->71974 71980 7ff7227e2dd0 55 API calls 71977->71980 71978 7ff7227ea5f0 _handle_error 8 API calls 71979 7ff7227e2b3a 71978->71979 71979->71620 71980->71974 71981 7ff7227e1ae0 40 API calls 71987 7ff7227e2c2f 71981->71987 71982 7ff7227e2bd8 71982->71969 71982->71981 71983 7ff7227e2cf6 71982->71983 71983->71969 71992 7ff7227e2d0e 71983->71992 71984 7ff7227e2d92 
72020 7ff7227e2760 18 API calls 2 library calls 71984->72020 71986 7ff7227e2cf1 72021 7ff7227e1aa0 65 API calls __vcrt_freefls 71986->72021 71987->71969 71987->71984 71991 7ff7227e2cbc 71987->71991 71994 7ff7227e17a0 103 API calls 71991->71994 71993 7ff7227e2d74 71992->71993 71992->72001 72016 7ff7227e1440 144 API calls 2 library calls 71992->72016 72017 7ff7227e1770 18 API calls 71992->72017 72018 7ff7227e2760 18 API calls 2 library calls 71993->72018 71995 7ff7227e2cd3 71994->71995 71995->71992 71997 7ff7227e2cd7 71995->71997 71998 7ff7227e2d85 72001->71978 72002->71620 72003->71623 72004->71620 72006 7ff7227e2e04 72005->72006 72007 7ff7227e2e3b 72006->72007 72022 7ff7227f05c0 72006->72022 72009 7ff7227ea5f0 _handle_error 8 API calls 72007->72009 72010 7ff7227e2a86 72009->72010 72010->71963 72010->71964 72011->71967 72012->71969 72013->72001 72014->71982 72016->71992 72017->71992 72018->71998 72020->71986 72021->71969 72023 7ff7227f05dd 72022->72023 72024 7ff7227f05e9 72022->72024 72039 7ff7227efee4 72023->72039 72063 7ff7227eda10 33 API calls 72024->72063 72027 7ff7227f05e2 72027->72007 72028 7ff7227f0611 72030 7ff7227f0621 72028->72030 72064 7ff7227f97f0 5 API calls try_get_function 72028->72064 72065 7ff7227efd6c 16 API calls 3 library calls 72030->72065 72032 7ff7227f0675 72033 7ff7227f068d 72032->72033 72034 7ff7227f0679 72032->72034 72035 7ff7227efee4 52 API calls 72033->72035 72034->72027 72066 7ff7227f59cc 13 API calls _set_errno_from_matherr 72034->72066 72037 7ff7227f0699 72035->72037 72037->72027 72067 7ff7227f59cc 13 API calls _set_errno_from_matherr 72037->72067 72040 7ff7227eff03 72039->72040 72041 7ff7227eff1f 72039->72041 72068 7ff7227efc50 13 API calls _invalid_parameter_noinfo 72040->72068 72041->72040 72042 7ff7227eff32 CreateFileW 72041->72042 72044 7ff7227eff65 72042->72044 72045 7ff7227effac 72042->72045 72071 7ff7227f0030 42 API calls 3 library calls 72044->72071 72072 7ff7227f04b4 40 API calls 3 library calls 72045->72072 72046 
7ff7227eff08 72069 7ff7227efc70 13 API calls _invalid_parameter_noinfo 72046->72069 72050 7ff7227eff0f 72070 7ff7227f5964 30 API calls _invalid_parameter_noinfo 72050->72070 72051 7ff7227eff73 72057 7ff7227eff1a 72051->72057 72059 7ff7227eff8e CloseHandle 72051->72059 72052 7ff7227effb1 72054 7ff7227effb5 72052->72054 72055 7ff7227effc1 72052->72055 72073 7ff7227efc00 13 API calls 2 library calls 72054->72073 72074 7ff7227f0270 34 API calls 72055->72074 72057->72027 72059->72057 72060 7ff7227effbf 72060->72051 72061 7ff7227effce 72075 7ff7227f03ac 23 API calls _fread_nolock 72061->72075 72063->72028 72064->72030 72065->72032 72066->72027 72067->72027 72068->72046 72069->72050 72070->72057 72071->72051 72072->72052 72073->72060 72074->72061 72075->72060 72076->71627 72077->71637 72080 7ff7227f0bbc 72079->72080 72081 7ff7227f0be2 72080->72081 72084 7ff7227f0c15 72080->72084 72110 7ff7227efc70 13 API calls _invalid_parameter_noinfo 72081->72110 72083 7ff7227f0be7 72111 7ff7227f5964 30 API calls _invalid_parameter_noinfo 72083->72111 72086 7ff7227f0c1b 72084->72086 72087 7ff7227f0c28 72084->72087 72112 7ff7227efc70 13 API calls _invalid_parameter_noinfo 72086->72112 72098 7ff7227f5be4 72087->72098 72097 7ff7227e3ba9 72097->71648 72115 7ff7227faf44 EnterCriticalSection 72098->72115 72110->72083 72111->72097 72112->72097 72281->71662 72282->71659 69536 7ff7227e90c0 69537 7ff7227e90ee 69536->69537 69538 7ff7227e90d5 69536->69538 69538->69537 69541 7ff7227f7d90 69538->69541 69542 7ff7227f7ddb 69541->69542 69546 7ff7227f7d9f _invalid_parameter_noinfo 69541->69546 69549 7ff7227efc70 13 API calls _invalid_parameter_noinfo 69542->69549 69544 7ff7227f7dc2 HeapAlloc 69545 7ff7227e9148 69544->69545 69544->69546 69546->69542 69546->69544 69548 7ff7227fdc34 EnterCriticalSection LeaveCriticalSection _invalid_parameter_noinfo 69546->69548 69548->69546 69549->69545 72283 7ff7227f69cc 72284 7ff7227f69f5 72283->72284 72285 7ff7227f6a0d 72283->72285 72308 7ff7227efc50 13 API calls 
_invalid_parameter_noinfo 72284->72308 72287 7ff7227f6a87 72285->72287 72291 7ff7227f6a3e 72285->72291 72310 7ff7227efc50 13 API calls _invalid_parameter_noinfo 72287->72310 72288 7ff7227f69fa 72309 7ff7227efc70 13 API calls _invalid_parameter_noinfo 72288->72309 72307 7ff7227f2284 EnterCriticalSection 72291->72307 72292 7ff7227f6a8c 72311 7ff7227efc70 13 API calls _invalid_parameter_noinfo 72292->72311 72296 7ff7227f6a94 72312 7ff7227f5964 30 API calls _invalid_parameter_noinfo 72296->72312 72306 7ff7227f6a02 72308->72288 72309->72306 72310->72292 72311->72296 72312->72306 69550 7ff7227f42d8 69551 7ff7227f42f5 GetModuleHandleW 69550->69551 69552 7ff7227f433f 69550->69552 69551->69552 69554 7ff7227f4302 69551->69554 69560 7ff7227f41d0 69552->69560 69554->69552 69574 7ff7227f43e0 GetModuleHandleExW 69554->69574 69580 7ff7227faf44 EnterCriticalSection 69560->69580 69575 7ff7227f4425 69574->69575 69576 7ff7227f4406 GetProcAddress 69574->69576 69577 7ff7227f4435 69575->69577 69578 7ff7227f442f FreeLibrary 69575->69578 69576->69575 69579 7ff7227f441d 69576->69579 69577->69552 69578->69577 69579->69575 72313 7ff7227ecca8 72314 7ff7227ecced 72313->72314 72315 7ff7227eccca 72313->72315 72314->72315 72317 7ff7227eccf2 72314->72317 72327 7ff7227efc70 13 API calls _invalid_parameter_noinfo 72315->72327 72326 7ff7227efba0 EnterCriticalSection 72317->72326 72318 7ff7227ecccf 72328 7ff7227f5964 30 API calls _invalid_parameter_noinfo 72318->72328 72322 7ff7227eccda 72327->72318 72328->72322 72329 7ff7227e8e08 72330 7ff7227e8147 72329->72330 72332 7ff7227e81c3 72330->72332 72333 7ff7227e9360 72330->72333 72334 7ff7227e9385 72333->72334 72335 7ff7227e939b memcpy_s 72333->72335 72336 7ff7227f7d90 14 API calls 72334->72336 72335->72332 72336->72335 72337 7ff7227f3048 72338 7ff7227f305f 72337->72338 72339 7ff7227f307e 72337->72339 72350 7ff7227efc70 13 API calls _invalid_parameter_noinfo 72338->72350 72349 7ff7227efba0 EnterCriticalSection 72339->72349 72343 7ff7227f3064 72351 
7ff7227f5964 30 API calls _invalid_parameter_noinfo 72343->72351 72346 7ff7227f306f 72350->72343 72351->72346
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strncmp$free$_errnofprintf$fputc$strchr$atoffclose$_time64getenvstrerror
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$*$*CODE:$*DOMAIN:$*FIXKEY:$*FLAGS:$*HARDDISK:$*IFIPV4:$*IFIPV6:$*IFMAC:$*TIME:$*VERSION:$Pyarmor$_vax_%s$clickbank$license.c$pyarmor-test-0001$pytransform.log$regnow$shareit
                                                                                                                                                                                            • API String ID: 1877277240-1732257083
                                                                                                                                                                                            • Opcode ID: 9a570d108b4c1940485d56054af62b97a88552214d87f5b669533eeeaac584d2
                                                                                                                                                                                            • Instruction ID: 4ca2713e25435f366b1f3c853fb61ceeec4d996cdf35d709524cd5d8599ec363
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a570d108b4c1940485d56054af62b97a88552214d87f5b669533eeeaac584d2
                                                                                                                                                                                            • Instruction Fuzzy Hash: BE339C71B2874ADAEB149B21FA1079D23A5BB88BC4F44822ADD0E5736CEF3CE505C751
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Python interpreter is debug version, xrefs: 70A0E940
                                                                                                                                                                                            • Got string from code object failed, xrefs: 70A0E7DC, 70A0E9F7
                                                                                                                                                                                            • This obfuscated script is obfuscated by old PyArmor, xrefs: 70A0EB4F
                                                                                                                                                                                            • Restore module failed, xrefs: 70A0EB01
                                                                                                                                                                                            • Check the restrict mode of module failed, xrefs: 70A0EB2B
                                                                                                                                                                                            • <frozen pyarmor>, xrefs: 70A0E6FC
                                                                                                                                                                                            • Enable restrict mode failed, xrefs: 70A0EBC1
                                                                                                                                                                                            • Invalid parameter, xrefs: 70A0E910
                                                                                                                                                                                            • ssO|i, xrefs: 70A0E770
                                                                                                                                                                                            • Marshal loads failed, xrefs: 70A0EB79
                                                                                                                                                                                            • The runtime library doesn't support Advanced Mode, xrefs: 70A0EA5D
                                                                                                                                                                                            • The runtime library doesn't support Super Mode, xrefs: 70A0E961
                                                                                                                                                                                            • NULL code object, xrefs: 70A0EA7B
                                                                                                                                                                                            • Loaded module __main__ not found in sys.modules, xrefs: 70A0EB9D
                                                                                                                                                                                            • Incompatible core library, xrefs: 70A0EBE9
                                                                                                                                                                                            • Check restrict mode of module failed, xrefs: 70A0EAD3
                                                                                                                                                                                            • The python version in runtime is different from the build time, xrefs: 70A0E8B1
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1848475861.0000000070A00000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848561745.0000000070A97000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848585293.0000000070A98000.00000008.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848637880.0000000070AF8000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848677370.0000000070B21000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848705319.0000000070B27000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848738229.0000000070B29000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848764500.0000000070B2A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848787595.0000000070B2B000.00000008.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848814330.0000000070B2E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strlenstrncmp
                                                                                                                                                                                            • String ID: <frozen pyarmor>$Check restrict mode of module failed$Check the restrict mode of module failed$Enable restrict mode failed$Got string from code object failed$Incompatible core library$Invalid parameter$Loaded module __main__ not found in sys.modules$Marshal loads failed$NULL code object$Python interpreter is debug version$Restore module failed$The python version in runtime is different from the build time$The runtime library doesn't support Advanced Mode$The runtime library doesn't support Super Mode$This obfuscated script is obfuscated by old PyArmor$ssO|i
                                                                                                                                                                                            • API String ID: 1310274236-189690365
                                                                                                                                                                                            • Opcode ID: de706c7b0686e13caf34838300ca2eb59b35a277f68e4ab34e64101f44a6eaba
                                                                                                                                                                                            • Instruction ID: 0aee0237f40bce89063e8129e8596ff9a551f9254ead37a138e556fc0b69fed3
                                                                                                                                                                                            • Opcode Fuzzy Hash: de706c7b0686e13caf34838300ca2eb59b35a277f68e4ab34e64101f44a6eaba
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7ED15E72B0AA09C5EB01CF15FC9035963B5F7A9B88F548626C94E07728EF7CE589E341
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • NtSetInformationThread.NTDLL ref: 70A70940
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: InformationThread
                                                                                                                                                                                            • String ID: NtSetInformationThread$ntdll.dll
                                                                                                                                                                                            • API String ID: 4046476035-3743287242
                                                                                                                                                                                            • Opcode ID: e5a8ab297af3254c8973ab1e1034aa530dc4ab812a2c1580ad32ee085639b3a6
                                                                                                                                                                                            • Instruction ID: cdb0693797393069ef7bf62cf4e489569018370bbe9361c0ef7875bb976b5615
                                                                                                                                                                                            • Opcode Fuzzy Hash: e5a8ab297af3254c8973ab1e1034aa530dc4ab812a2c1580ad32ee085639b3a6
                                                                                                                                                                                            • Instruction Fuzzy Hash: FAF01535B18A48CAEB609B06FC5034A2360F39CB98F544225DA9D83774EF2CD709CB00
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: mallocmemcpy
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4276657696-0
                                                                                                                                                                                            • Opcode ID: 59ec0480ac1d7ffcf86410bb1f68e875519e8c595487042376e28e36e18d3dd9
                                                                                                                                                                                            • Instruction ID: 78695baced311355cef1ba5b5531bfe14b6a93d05df77b1a100f4f75cb1eba37
                                                                                                                                                                                            • Opcode Fuzzy Hash: 59ec0480ac1d7ffcf86410bb1f68e875519e8c595487042376e28e36e18d3dd9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D427B71A15A44C6EB35CBA1EC91B7D2724FB89B8AF51E236DA4EC732CCB38D5018345
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressProc$_errno
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$3des$PyArg_ParseTuple$PyBool_FromLong$PyByteArray_AsString$PyBytes_AsString$PyBytes_AsStringAndSize$PyBytes_FromStringAndSize$PyBytes_Size$PyCFunction_Call$PyCFunction_NewEx$PyCell_Set$PyCode_Type$PyDict_Clear$PyDict_Copy$PyDict_GetItemString$PyDict_SetItem$PyDict_SetItemString$PyErr_Clear$PyErr_Fetch$PyErr_Format$PyErr_NoMemory$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyErr_SetString$PyEval_EvalCode$PyEval_EvalFrameEx$PyEval_GetBuiltins$PyEval_GetFrame$PyEval_GetGlobals$PyEval_GetLocals$PyEval_SetProfile$PyEval_SetTrace$PyExc_ImportError$PyExc_RuntimeError$PyFrame_LocalsToFast$PyFrame_Type$PyFunction_Type$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ExecCodeModuleEx$PyImport_GetMagicNumber$PyImport_GetModuleDict$PyImport_ImportModule$PyList_GetItem$PyList_Size$PyLong_AsLong$PyLong_FromLong$PyMarshal_ReadObjectFromString$PyMarshal_WriteObjectToFile$PyMarshal_WriteObjectToString$PyModule_GetDict$PyObject_GetAttrString$PyObject_Print$PyObject_SetAttrString$PyObject_Size$PyObject_Type$PyString_AsStringAndSize$PyString_Format$PyString_FromStringAndSize$PyString_Size$PyString_Type$PySys_GetObject$PySys_SetObject$PyThreadState_Get$PyTuple_GetItem$PyTuple_GetSlice$PyTuple_New$PyTuple_SetItem$PyTuple_Size$PyType_GenericNew$PyUnicodeUCS2_AsUTF8String$PyUnicodeUCS2_Format$PyUnicodeUCS2_FromString$PyUnicodeUCS4_AsUTF8String$PyUnicodeUCS4_Format$PyUnicodeUCS4_FromString$PyUnicode_AsUTF8String$PyUnicode_Fill$PyUnicode_Format$PyUnicode_FromString$PyUnicode_Type$Py_BuildValue$Py_CompileString$Py_CompileStringExFlags$Py_DebugFlag$Py_DecRef$Py_Exit$Py_IncRef$Py_InspectFlag$Py_InteractiveFlag$Py_ReprEnter$_PyEval_EvalFrameDefault$_Py_NoneStruct$_Py_TrueStruct$_pytransform.c$aes$dumps$license.c$license.lic$loads$marshal$pyshield.lic$pytransform.log$sha256$sprng$wrapper.c
                                                                                                                                                                                            • API String ID: 1566810575-3086871561
                                                                                                                                                                                            • Opcode ID: bd406935070ba2316a5d549f7af733740b896774029f340e28a553630994f88f
                                                                                                                                                                                            • Instruction ID: 1be5c78c5f67ae6cdf033322386b53d9bab3f6176190fe4a2954bc2fb93f7283
                                                                                                                                                                                            • Opcode Fuzzy Hash: bd406935070ba2316a5d549f7af733740b896774029f340e28a553630994f88f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9AE36BB0B28756E9EB05DB11FD1079C23A5BB49BC4F448226990E1B3A8DF3CF646C356
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 70A05FD0: getenv.MSVCRT ref: 70A06066
                                                                                                                                                                                            • _errno.MSVCRT ref: 70A0DA91
                                                                                                                                                                                              • Part of subcall function 70A0A7B0: strncmp.MSVCRT ref: 70A0A891
                                                                                                                                                                                              • Part of subcall function 70A0A7B0: strchr.MSVCRT ref: 70A0A8A2
                                                                                                                                                                                            • free.MSVCRT ref: 70A0DA6F
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errnofreegetenvstrchrstrncmp
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$license.c$license.lic$product.key$pytransform.log
                                                                                                                                                                                            • API String ID: 2166687660-2554675036
                                                                                                                                                                                            • Opcode ID: 51b71e4d5f7b9b1f5e99217e4ad8c9ed1310ba067563fa6360d19c9241e2a9c4
                                                                                                                                                                                            • Instruction ID: 4efda974a8896be2298d1eee56068094a8eee92e9bc250dad0bd2c1d9548b117
                                                                                                                                                                                            • Opcode Fuzzy Hash: 51b71e4d5f7b9b1f5e99217e4ad8c9ed1310ba067563fa6360d19c9241e2a9c4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A31D471B2836A99EE00AB51F91175D63A1BB49BC4F448236DD0E2776CEF3CF9068346
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fprintf$fputc$_errnofclosemallocmemcpy
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$protect.c$pytransform.log
                                                                                                                                                                                            • API String ID: 1944142573-1235383041
                                                                                                                                                                                            • Opcode ID: 6b25d167d664dc9fa20fed712a6307817866af6a7771c36f0bb93a53ba9f0987
                                                                                                                                                                                            • Instruction ID: 227b92444954991b52247186106102a6d3bd445ee1a5f0027d7dd83185608cfa
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6b25d167d664dc9fa20fed712a6307817866af6a7771c36f0bb93a53ba9f0987
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7531B6517182C29EEB119B35B9607AD6B71EF46BC8F088165DE8D0736ADE2CF402C309
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _fread_nolock$Message_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: Cannot read Table of Contents.$Could not allocate buffer for TOC!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2153230061-4158440160
                                                                                                                                                                                            • Opcode ID: 084a4c890cee1d6cc7fd3de77fa9d06679c6979ba1ae25152016f85c9a2aa557
                                                                                                                                                                                            • Instruction ID: a433bb2e6a1600b95e39af4b82677d793411922ce27f62d3cf863b668e401218
                                                                                                                                                                                            • Opcode Fuzzy Hash: 084a4c890cee1d6cc7fd3de77fa9d06679c6979ba1ae25152016f85c9a2aa557
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C517E71A0D68296FB18EF24D851178A3A0FB49B58B908135DA1D873A5DFBCE944CB70
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File_errno$CloseCreateErrorHandleLastMappingView
                                                                                                                                                                                            • String ID: $@$@
                                                                                                                                                                                            • API String ID: 896588047-3743272326
                                                                                                                                                                                            • Opcode ID: a7d2e116755dd5e7b73fa10bb3bd850991ebedf29374f90d57e067a6f4a17967
                                                                                                                                                                                            • Instruction ID: dc88614902378892f61cb752b95925dd695167d7829bfecb19ab9c38622cc72e
                                                                                                                                                                                            • Opcode Fuzzy Hash: a7d2e116755dd5e7b73fa10bb3bd850991ebedf29374f90d57e067a6f4a17967
                                                                                                                                                                                            • Instruction Fuzzy Hash: 45414573F226508AE7225B16AD00B4D62A9B789BB4F490325DE7A177D8EBBCD9408304
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: free$strlenstrncmp
                                                                                                                                                                                            • String ID: __main__$__mp_main__$__parents_main__$__spec__$frame$obfmode.c
                                                                                                                                                                                            • API String ID: 2569063720-2363144754
                                                                                                                                                                                            • Opcode ID: d7eb3b2edb8b75f53f14989efe98325d5a7d4fb8147dfaabf56a59dccfa926de
                                                                                                                                                                                            • Instruction ID: 5df5f8f4ca7e20f381e89759c24b5211d9d23d32de1d11822eaf4d435f1d9017
                                                                                                                                                                                            • Opcode Fuzzy Hash: d7eb3b2edb8b75f53f14989efe98325d5a7d4fb8147dfaabf56a59dccfa926de
                                                                                                                                                                                            • Instruction Fuzzy Hash: C232BC72A0664CC6EB15CB21B94035D27A6B7A9B88F444A29CD0F0B7ACFB7CE945D701
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2030045667-3659356012
                                                                                                                                                                                            • Opcode ID: 2d3b62faa812116a8d0b2d471541a231f49915d074b49694ee90e4bab779fa5c
                                                                                                                                                                                            • Instruction ID: a8a9e158ff59c73898f90c529b71805a751cf36007d3724edb2d6840ae5efd06
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2d3b62faa812116a8d0b2d471541a231f49915d074b49694ee90e4bab779fa5c
                                                                                                                                                                                            • Instruction Fuzzy Hash: A1417F21A0C68291FE25EB15AC016B9E391FF4A794FC44432DB4D47B65EEBCE941CB30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1858526981.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858625330.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF72281A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858768503.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1330151763-0
                                                                                                                                                                                            • Opcode ID: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                            • Instruction ID: 150cec6d69d27b4a7bdf3465702a661c130859c584c736de615bb6994ac3de2a
                                                                                                                                                                                            • Opcode Fuzzy Hash: d121c7e434188e1b59c11ae7c5eb2a34e011b9b37a129bdee774847c0c4b5b89
                                                                                                                                                                                            • Instruction Fuzzy Hash: 41C1C232B28A4186FB14DF68C8806BC77A1FB49BA8B905225DE1E577E4CF78D561C720
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF7227E3A40: GetModuleFileNameW.KERNEL32(?,00007FF7227E353B), ref: 00007FF7227E3A71
                                                                                                                                                                                            • SetDllDirectoryW.KERNEL32 ref: 00007FF7227E3747
                                                                                                                                                                                              • Part of subcall function 00007FF7227E64E0: GetEnvironmentVariableW.KERNEL32(00007FF7227E3589), ref: 00007FF7227E651A
                                                                                                                                                                                              • Part of subcall function 00007FF7227E64E0: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF7227E6537
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1858526981.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858625330.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF72281A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858768503.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Environment$DirectoryExpandFileModuleNameStringsVariable
                                                                                                                                                                                            • String ID: Cannot open PyInstaller archive from executable (%s) or external archive (%s)$Cannot side-load external archive %s (code %d)!$Failed to convert DLL search path!$MEI$_MEIPASS2$_PYI_ONEDIR_MODE
                                                                                                                                                                                            • API String ID: 2344891160-3602715111
                                                                                                                                                                                            • Opcode ID: 97cc71daf61ab37fe4f26d210c3cb304531d6acc7bb47ecb3f13cc879818ec84
                                                                                                                                                                                            • Instruction ID: 6afa8ec7de691db5f545a0ba2aa1ab6d2114c3172d8ca99c86dc581c6428e97c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 97cc71daf61ab37fe4f26d210c3cb304531d6acc7bb47ecb3f13cc879818ec84
                                                                                                                                                                                            • Instruction Fuzzy Hash: 94B15261A1C6C361FA65BB219D512BDA290FF5A784FC04031EB4D4B796EEBCE605CB30
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1858526981.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858625330.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF72281A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858768503.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                            • String ID: 1.2.11$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                            • API String ID: 2030045667-1060636955
                                                                                                                                                                                            • Opcode ID: 95c548f89e681e47874ff23e480127a1694c3abca9e314def752e1d6f8fe132c
                                                                                                                                                                                            • Instruction ID: e32d7e12c0e501da4e02ea176fe04a4b9fc6a315a63fd6f5bdb583c5ee429117
                                                                                                                                                                                            • Opcode Fuzzy Hash: 95c548f89e681e47874ff23e480127a1694c3abca9e314def752e1d6f8fe132c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 45519422B0C6C295FA64BB11AC413BAA291FB4A794FC44135DB4D87795EEBCE904CF30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1858526981.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858625330.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF72281A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858768503.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 53787f42cc88ec762c7cab538ca08b13a4b27a7d8075f21ba4fa32834bd05f71
                                                                                                                                                                                            • Instruction ID: 003f9eeb11036eeae74937af68e8cb91d0cd6ec91a6e6c0a0ce5e14bdccbdeb3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 53787f42cc88ec762c7cab538ca08b13a4b27a7d8075f21ba4fa32834bd05f71
                                                                                                                                                                                            • Instruction Fuzzy Hash: F0C1D322A0C68752F660BB1598402BDBBA1FB8AB80FD50135DB5D07791CEBCE855CF70
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1858526981.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858625330.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF72281A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858768503.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4144305933-0
                                                                                                                                                                                            • Opcode ID: 702f7c832cf0ba87b5ff8a943f0597e04a247d80620e40057ef95aeb345a1c99
                                                                                                                                                                                            • Instruction ID: cadc97f8d3e219a617785e736f7f7dd8ced2f26c0d7449cd467e0b6729033c15
                                                                                                                                                                                            • Opcode Fuzzy Hash: 702f7c832cf0ba87b5ff8a943f0597e04a247d80620e40057ef95aeb345a1c99
                                                                                                                                                                                            • Instruction Fuzzy Hash: 70312911E0C182A2FB55BB649C223B9A391EF4A384FC44035DB5D5B397DEBCE845CA70
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1848475861.0000000070A00000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848561745.0000000070A97000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848585293.0000000070A98000.00000008.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848637880.0000000070AF8000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848677370.0000000070B21000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848705319.0000000070B27000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848738229.0000000070B29000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848764500.0000000070B2A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848787595.0000000070B2B000.00000008.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848814330.0000000070B2E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Thread$ContextCurrent
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 195563550-0
                                                                                                                                                                                            • Opcode ID: 28fea4604ca6fef9d06f2ff79cdcf5c43462e4a59386bbe1a7154d01d539f8b1
                                                                                                                                                                                            • Instruction ID: 01bc0719a83438bc923d157a8d7d628b96fb459852aa8f2eb93c5b1d9df1b075
                                                                                                                                                                                            • Opcode Fuzzy Hash: 28fea4604ca6fef9d06f2ff79cdcf5c43462e4a59386bbe1a7154d01d539f8b1
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D117172618785C6EB608B64F91870FB3E5F3883D4F509629D6C986A9CCFBCC189CB00
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1858526981.00007FF7227E0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858625330.00007FF722805000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722817000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF72281A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858667412.00007FF722826000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1858768503.00007FF722828000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseCreateDriveFileHandleType_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2907017715-0
                                                                                                                                                                                            • Opcode ID: 6bc34977209249cb9a8280982b1036741a152119e2b8ccc82b4d09bdf26104ee
                                                                                                                                                                                            • Instruction ID: 17d63531d7779000f9f5b33a86c265a83b04b75666635c40b36900e586798021
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6bc34977209249cb9a8280982b1036741a152119e2b8ccc82b4d09bdf26104ee
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6531D332D1C78196F610AF209900269B650FB9B7A4F504335EBAC03BE1DFBCE1A0CB61
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Process$CurrentExitTerminate
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1703294689-0
                                                                                                                                                                                            • Opcode ID: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                            • Instruction ID: bcc93b480b5f4dc1104e9f92c1f4308005c2b1a54f8dacbc0c3103113d47ca05
                                                                                                                                                                                            • Opcode Fuzzy Hash: f5bd35b994d705466abf85fcadaa355dadbc0a36878a45ce859ff20c5e8e7d7d
                                                                                                                                                                                            • Instruction Fuzzy Hash: C3E01220A0D70142F7247730ACA527952D1FF4D741F405538DA0A52356CDBDE858CB31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 3a360d2ad2bb13cf9f8ab5b50ae1311b61a053adb877290eeecf37944b2da1b9
                                                                                                                                                                                            • Instruction ID: 476388455c3dff56e844f02562cd69d276119f03e351fd8a34980fe25ff264c8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a360d2ad2bb13cf9f8ab5b50ae1311b61a053adb877290eeecf37944b2da1b9
                                                                                                                                                                                            • Instruction Fuzzy Hash: F251D425B0D2C265F62AFE259C0067AA681FF4ABA4F844238DF6C167C5CEBCD401CE34
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • SetFilePointerEx.KERNEL32(?,?,?,00007FF7227F77DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7227F7707), ref: 00007FF7227F6B00
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7227F77DF,?,?,?,?,?,?,?,?,?,?,?,00007FF7227F7707), ref: 00007FF7227F6B0A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                            • Opcode ID: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
                                                                                                                                                                                            • Instruction ID: 956d1281124600c0a98724a271cd9f61e8e566d8fa018a01af43b2c2fcb05f98
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1070729c18fb5a550bb7979bd9dd777fb7470f3e740498ab44d3ee6d69d9d9f5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A01A561B1CA8241FA106B25AC44079A261EF89BF0FE44331EA3E077E4DEBCD495CB21
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FF7227F5A57,?,?,00000000,00007FF7227F5AFF,?,?,?,?,?,?,00007FF7227EC892), ref: 00007FF7227F5B8A
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF7227F5A57,?,?,00000000,00007FF7227F5AFF,?,?,?,?,?,?,00007FF7227EC892), ref: 00007FF7227F5B94
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                            • Opcode ID: 482a02ddfad1f0d1748aaf476af5d25a2817b8fdf229cc618c88afa72f650b78
                                                                                                                                                                                            • Instruction ID: 5c515f121c270d79d18ccd8ad7f336d0a844ea66cd419e159d0c69d1da892595
                                                                                                                                                                                            • Opcode Fuzzy Hash: 482a02ddfad1f0d1748aaf476af5d25a2817b8fdf229cc618c88afa72f650b78
                                                                                                                                                                                            • Instruction Fuzzy Hash: 51116061B0C68241FAA477609CA527C9282DF4E7A4FD40635DB2D473C2DEECE854CA20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: c5dd71678ec1c3fccfd7b12bb33d50ac5b5a91bc82f8ec354b455621dbb7ad32
                                                                                                                                                                                            • Instruction ID: 1daf409f558a74e30379e4e1bcc020c0b99a108df5a28e56e260a4b8cec4edac
                                                                                                                                                                                            • Opcode Fuzzy Hash: c5dd71678ec1c3fccfd7b12bb33d50ac5b5a91bc82f8ec354b455621dbb7ad32
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A41E732A1D20187FA18EB18DA5027CB7A0FB4AB50F800135DFAD47790CFA9E462CB61
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: HandleModule$AddressFreeLibraryProc
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF7227E7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7227E74CA
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,00000000,00007FF7227E2E7E), ref: 00007FF7227E6CC3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2592636585-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2221118986-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF7227F86BD,?,?,00000000,00007FF7227EFC79,?,?,?,?,00007FF7227F59F1), ref: 00007FF7227F95A5
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: free
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1294909896-0
                                                                                                                                                                                            • Opcode ID: 11926e8aac614788481d86786482c1512f2f894a64f86faaff5e2741f2eeb34b
                                                                                                                                                                                            • Instruction ID: 9e8e68cd071f58dd3d494a028eae8bd57b5eb3cf435511a16bc6720ebf6707ed
                                                                                                                                                                                            • Opcode Fuzzy Hash: 11926e8aac614788481d86786482c1512f2f894a64f86faaff5e2741f2eeb34b
                                                                                                                                                                                            • Instruction Fuzzy Hash: A5C08CA6B13A00C1FF0A5BA2FC623382220AB5CF05F189110CE0E46304CB2C80908301
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MessageSend$Window$Create$Move$ObjectSelect$#380BaseClientDialogDrawFontIndirectInfoParametersRectReleaseSystemTextUnits
                                                                                                                                                                                            • String ID: BUTTON$Close$EDIT$Failed to execute script '%ls' due to unhandled exception: %ls$STATIC
                                                                                                                                                                                            • API String ID: 2446303242-1601438679
                                                                                                                                                                                            • Opcode ID: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                            • Instruction ID: 02a36544919f48485a163d82119bbf21b69113fa7be908b4c44e5fed08b646e0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 405cae881102fd9b4288b25694fdcb7e510b233441f66b6cc7a0f1c85a4d260d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 32A15A36208B8197E7149F21E85479AB7B0F789B90F904129DB8D03B24CFBDE265CF60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _snprintf.MSVCRT ref: 70A2282C
                                                                                                                                                                                            • CreateFileA.KERNEL32 ref: 70A22860
                                                                                                                                                                                            • GlobalAlloc.KERNEL32 ref: 70A2287A
                                                                                                                                                                                            • DeviceIoControl.KERNEL32 ref: 70A228F4
                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 70A2290A
                                                                                                                                                                                            • _snprintf.MSVCRT ref: 70A22947
                                                                                                                                                                                            • CreateFileA.KERNEL32 ref: 70A22974
                                                                                                                                                                                            • GlobalAlloc.KERNEL32 ref: 70A22995
                                                                                                                                                                                            • GlobalAlloc.KERNEL32 ref: 70A229A4
                                                                                                                                                                                            • DeviceIoControl.KERNEL32 ref: 70A229EC
                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 70A22A05
                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 70A22A0A
                                                                                                                                                                                            • CloseHandle.KERNEL32 ref: 70A22A14
                                                                                                                                                                                            • GlobalFree.KERNEL32 ref: 70A22A36
                                                                                                                                                                                              • Part of subcall function 70A224D0: GetLastError.KERNEL32 ref: 70A224D4
                                                                                                                                                                                              • Part of subcall function 70A224D0: FormatMessageA.KERNEL32 ref: 70A22505
                                                                                                                                                                                              • Part of subcall function 70A224D0: LocalFree.KERNEL32 ref: 70A22526
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Global$Free$Alloc$ControlCreateDeviceFile_snprintf$CloseErrorFormatHandleLastLocalMessage
                                                                                                                                                                                            • String ID: /%d:$Empty serial number$SCSIDISK$\\.\PhysicalDrive%d$\\.\Scsi%d$platforms/windows/hdinfo.c
                                                                                                                                                                                            • API String ID: 1119308327-2400754906
                                                                                                                                                                                            • Opcode ID: 384ffa04cd1a696324e7cec84fd171729c384a46f7cec705e0c5612fa5f50a0b
                                                                                                                                                                                            • Instruction ID: b4551d7441d01ad9ae180f4a3ea40a004a1ba3e9d6619aaa2720dffcf790b555
                                                                                                                                                                                            • Opcode Fuzzy Hash: 384ffa04cd1a696324e7cec84fd171729c384a46f7cec705e0c5612fa5f50a0b
                                                                                                                                                                                            • Instruction Fuzzy Hash: D551D031704A858AE7209F22F81474B7B64F788BE8F544325AE5E47BD8CF7CD60A8744
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseHandleisxdigitmemset$ControlCreateDeviceFileisprintmemcpywsprintf
                                                                                                                                                                                            • String ID: /%d:$\\.\PhysicalDrive%d
                                                                                                                                                                                            • API String ID: 2355516209-72258043
                                                                                                                                                                                            • Opcode ID: c46139a651565a537a26ae49c0ef5d3c068ea7cb58dc9807431f723c5a7c1a3e
                                                                                                                                                                                            • Instruction ID: 9dac0609806135c3308a367260ad570ebac124ab385acaec6edb51da7337f25a
                                                                                                                                                                                            • Opcode Fuzzy Hash: c46139a651565a537a26ae49c0ef5d3c068ea7cb58dc9807431f723c5a7c1a3e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A514772718A8095E701CB22F84435FBBA6BBC5795F448235EE9A87B9CDB7CC509C740
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Cryptclock$Context$Acquire$RandomRelease
                                                                                                                                                                                            • String ID: ($Microsoft Base Cryptographic Provider v1.0$out != NULL$src/prngs/rng_get_bytes.c
                                                                                                                                                                                            • API String ID: 2525729555-3762154145
                                                                                                                                                                                            • Opcode ID: 5bec18a9c7578fe2ec0224cbb84f8722a9f82902861a66ec4bcf88b42fc9b169
                                                                                                                                                                                            • Instruction ID: 422e7d945204d27204d2d6b6afd15af86af9bc0835e01cac6feafe0ac117ae3d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bec18a9c7578fe2ec0224cbb84f8722a9f82902861a66ec4bcf88b42fc9b169
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9731263270868482E721CB66E94435EA6B6B78DBD0FA14525DE4A43328EF7DDD46C340
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • platforms/windows/hdinfo.c, xrefs: 70A22687
                                                                                                                                                                                            • Too small size, xrefs: 70A22680
                                                                                                                                                                                            • %02x:%02x:%02x:%02x:%02x:%02x, xrefs: 70A225B7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AdaptersAddressesFree$Alloc
                                                                                                                                                                                            • String ID: %02x:%02x:%02x:%02x:%02x:%02x$Too small size$platforms/windows/hdinfo.c
                                                                                                                                                                                            • API String ID: 3314560173-3552495142
                                                                                                                                                                                            • Opcode ID: b57a8ce08a754f6cf6ec0152526fb15f66516f8a692f16ecd1f26efd470e5a92
                                                                                                                                                                                            • Instruction ID: 88f9e28fe60658c3117d3e7cc8d6a77d82bb89847621998976c2e65d8d0435d6
                                                                                                                                                                                            • Opcode Fuzzy Hash: b57a8ce08a754f6cf6ec0152526fb15f66516f8a692f16ecd1f26efd470e5a92
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2931F6226082919AD710DBBAF810B2F7BA2E789B95F444236BD598375CDF3CD504DB00
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Free$AdaptersAddressesAllocmemcpy
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3510192139-0
                                                                                                                                                                                            • Opcode ID: 460cfef02125aafe1f9c14dabf3492322ad1734782819cba27e93f61b5d0619c
                                                                                                                                                                                            • Instruction ID: e5cbd6fc2634aa037c67ddad1f4e67055fa624644dc4606b2211ccd083273d5f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 460cfef02125aafe1f9c14dabf3492322ad1734782819cba27e93f61b5d0619c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1231E1227145919ED751EB6AFD00B5E27A6AB88BD4F588139EE0D87B1CEF38C941C700
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RtlCaptureContext.KERNEL32 ref: 70A94FE4
                                                                                                                                                                                            • RtlLookupFunctionEntry.KERNEL32 ref: 70A94FFB
                                                                                                                                                                                            • RtlVirtualUnwind.KERNEL32 ref: 70A9503D
                                                                                                                                                                                            • SetUnhandledExceptionFilter.KERNEL32 ref: 70A95081
                                                                                                                                                                                            • UnhandledExceptionFilter.KERNEL32 ref: 70A9508E
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32 ref: 70A95094
                                                                                                                                                                                            • TerminateProcess.KERNEL32 ref: 70A950A2
                                                                                                                                                                                            • abort.MSVCRT ref: 70A950A8
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterProcessUnhandled$CaptureContextCurrentEntryFunctionLookupTerminateUnwindVirtualabort
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4278921479-0
                                                                                                                                                                                            • Opcode ID: b2a2748310470f8899fff848dd700a17d42f3ab7c6db63b48048a1e4d32b5f4f
                                                                                                                                                                                            • Instruction ID: bd5656f3dada476d7da197d5acffcd9356e3a21da82ff8a1aa9186586d4c7419
                                                                                                                                                                                            • Opcode Fuzzy Hash: b2a2748310470f8899fff848dd700a17d42f3ab7c6db63b48048a1e4d32b5f4f
                                                                                                                                                                                            • Instruction Fuzzy Hash: B121F072A19F00DAEB00DB65F88539933A8BB18B94F54462AD94E53728EF3CE615C744
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo$InformationTimeZone
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 435049134-0
                                                                                                                                                                                            • Opcode ID: 2ad49692c65a9643aff4bf0dd6164fb5e4ae0d0b7e62790cc916ec93dee904d3
                                                                                                                                                                                            • Instruction ID: ffdc0998051574307bd460fa5dc29e7a495e4a7171fa9a6b2595296e6a6b12dd
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2ad49692c65a9643aff4bf0dd6164fb5e4ae0d0b7e62790cc916ec93dee904d3
                                                                                                                                                                                            • Instruction Fuzzy Hash: DAB1AD22A0C64286FB20FF22DC415B9A7A1FB89794F844135EE4D47796DFBCE551CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                            • Opcode ID: 7af9a718ba771edf7e69dad524d47659ead305be643fa1df24af60c020ca3b2e
                                                                                                                                                                                            • Instruction ID: 979926fd2a07e8660e79338ccc134c5cabb6af00b4246870419a0f874830565d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7af9a718ba771edf7e69dad524d47659ead305be643fa1df24af60c020ca3b2e
                                                                                                                                                                                            • Instruction Fuzzy Hash: A7316F32608B8196EB60DF25EC402AEB3A4FB89758F940135EB9D43B95DF7CC555CB20
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: freememcpy
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3223336191-0
                                                                                                                                                                                            • Opcode ID: f287b2072ea6946470282008087b7e23b302a66463c7ec6cfb87f24ad3a9771a
                                                                                                                                                                                            • Instruction ID: 9a4f6bea6cfa91a9d34f553a13e8b3e30332e99cf9a49840e3e47333482b29e8
                                                                                                                                                                                            • Opcode Fuzzy Hash: f287b2072ea6946470282008087b7e23b302a66463c7ec6cfb87f24ad3a9771a
                                                                                                                                                                                            • Instruction Fuzzy Hash: F45144B2B142448AE710CF25FD4179EB3A0FB85BD4F584526EE0A97B68EB3CD941CB00
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memmove$memset
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3790616698-0
                                                                                                                                                                                            • Opcode ID: 5c27fcc7b015d44772e24548af3a7e83aa402ed56b7fba7a99915febce0b760f
                                                                                                                                                                                            • Instruction ID: 8e43a4aecff7fbd82042d101dd59e83991b37f071df801ff4593f807aa4ee164
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5c27fcc7b015d44772e24548af3a7e83aa402ed56b7fba7a99915febce0b760f
                                                                                                                                                                                            • Instruction Fuzzy Hash: A551D33671A78696DB10DB16E49066EBBA4FB49BD4F444135EEAD077EACE3CE101C700
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: freememcpy
                                                                                                                                                                                            • String ID: code$obfmode.c
                                                                                                                                                                                            • API String ID: 3223336191-930819804
                                                                                                                                                                                            • Opcode ID: dc14d8226260d49c9165f20aa5241bef20a306c605970bd135765dd0d34d7bdd
                                                                                                                                                                                            • Instruction ID: 6917fd84ce4b7eec176e7c6c0ed5b612174d1cd21adbfbec51eb4a56df3fa37e
                                                                                                                                                                                            • Opcode Fuzzy Hash: dc14d8226260d49c9165f20aa5241bef20a306c605970bd135765dd0d34d7bdd
                                                                                                                                                                                            • Instruction Fuzzy Hash: A4F15C72609B89CAEB01CF15F89035A73B5F799B84F148616DA4E57B6CEB3CE941CB00
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: in != NULL$out != NULL$outlen != NULL$src/misc/base64/base64_decode.c
                                                                                                                                                                                            • API String ID: 0-942433653
                                                                                                                                                                                            • Opcode ID: b2558993aaca83f820dfd5d65f1f5451e7e216c40fc5bdb80812e44ec83140e8
                                                                                                                                                                                            • Instruction ID: c220ff7af34c8ff94be0288ed6175b2c1fec263ddb90f7bceb27053363a4f9c4
                                                                                                                                                                                            • Opcode Fuzzy Hash: b2558993aaca83f820dfd5d65f1f5451e7e216c40fc5bdb80812e44ec83140e8
                                                                                                                                                                                            • Instruction Fuzzy Hash: BD927A7392C7C887D3078E24A86436E7A22A3D9357F898235EF070739AE279DE55C351
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                            • Opcode ID: 0c884086102c4b45e394e5883d44db676d981fc4a610e566de8c3fbbb4b0ead5
                                                                                                                                                                                            • Instruction ID: 84a151b840e87bdd2214954e3623fedf19b630ba30301cdb943e0e9abc33262b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0c884086102c4b45e394e5883d44db676d981fc4a610e566de8c3fbbb4b0ead5
                                                                                                                                                                                            • Instruction Fuzzy Hash: B991B226E0C25246FB20BB259C002BAA791EB8ABD4F944131EF4D47BD5DEBCD951CB50
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocVirtual$InfoSystem
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2622297391-0
                                                                                                                                                                                            • Opcode ID: 2a2f169c2492fb064d1481e1af4fe86063d5418802fbd42ad2118c2487268f2e
                                                                                                                                                                                            • Instruction ID: b95bca28cee1b9da50b6bbd39b323721e2f1490902f3cf501d192141c67d9567
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2a2f169c2492fb064d1481e1af4fe86063d5418802fbd42ad2118c2487268f2e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7A01A7B0B1650882EF219722B91975976A26B58BD9F048B35DD1F5B79CFA2CD1808704
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 6dcaf8fd64b617dabc31471acd41cdaa2cab49e32dd27873edbdb04a6837cf38
                                                                                                                                                                                            • Instruction ID: a617565d58accae0b82bea1d9ba64370edf8ce81b1a8690ee9e5b021d4ddefa3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6dcaf8fd64b617dabc31471acd41cdaa2cab49e32dd27873edbdb04a6837cf38
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34111CB2629240CFE3909F09E88471FBAA0E384754F10A125F29BCB7A9D7BCC944CF40
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$fprintfstrerror$fclosefputc$fwrite
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$_pytransform.c$inbuf$pytransform.log
                                                                                                                                                                                            • API String ID: 3108438096-3708888661
                                                                                                                                                                                            • Opcode ID: 0f87c7a9d6faf2ae14d44c15da9011867e33a50cb74b5941311ce4c591fe54ad
                                                                                                                                                                                            • Instruction ID: 3d4bad9a6a3bd7ea6f5f26c18993db0544409fce498fc3e41b679f97711865c5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0f87c7a9d6faf2ae14d44c15da9011867e33a50cb74b5941311ce4c591fe54ad
                                                                                                                                                                                            • Instruction Fuzzy Hash: 89F19DB0B29355DAEA04AB52FD2075D2361BB89BC4F44422ADD0E17768EF7CF506C346
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$fprintf$fclosefputc$freefseekmallocstrrchr
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$.pye$__file__$__main__$_pytransform.c$pytransform.log
                                                                                                                                                                                            • API String ID: 1013380922-457461209
                                                                                                                                                                                            • Opcode ID: 82d458649a3144226b2a0ad43c7c5c9875671f79df2d5263f8ffe441c3a8bda6
                                                                                                                                                                                            • Instruction ID: d7d20a93d83dc10e026fbd7492e7c367c7d7411f4b566ceb5cf149befee7c4f4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 82d458649a3144226b2a0ad43c7c5c9875671f79df2d5263f8ffe441c3a8bda6
                                                                                                                                                                                            • Instruction Fuzzy Hash: D9D1B070B19716DAEA049B15EC1079D2361BB88BC0F44822ADD0E1B36CEF7CF946C346
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$fprintf$fclosefputc$freadfreemalloc
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                            • API String ID: 957815278-2792274189
                                                                                                                                                                                            • Opcode ID: d172e294434ab4a641e77c9dca610de1c378f1b40257b8b6b1460959e86a38db
                                                                                                                                                                                            • Instruction ID: 7a9cf03f47818959a591ae26671a9d95f142265462c0a3ff709f9e3801c1769b
                                                                                                                                                                                            • Opcode Fuzzy Hash: d172e294434ab4a641e77c9dca610de1c378f1b40257b8b6b1460959e86a38db
                                                                                                                                                                                            • Instruction Fuzzy Hash: 31C1A1A0B28352D9EA059B12FE1076C2366BB89BC5F44422ADE0E177ACDF3CF545C306
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A231DE
                                                                                                                                                                                              • Part of subcall function 70A22E60: strlen.MSVCRT ref: 70A22E83
                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A23217
                                                                                                                                                                                            • fputc.MSVCRT ref: 70A23249
                                                                                                                                                                                              • Part of subcall function 70A22540: GetAdaptersAddresses.IPHLPAPI ref: 70A22571
                                                                                                                                                                                              • Part of subcall function 70A22540: GetProcessHeap.KERNEL32 ref: 70A225ED
                                                                                                                                                                                              • Part of subcall function 70A22540: HeapFree.KERNEL32 ref: 70A225F7
                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A23278
                                                                                                                                                                                              • Part of subcall function 70A22360: GetProcessHeap.KERNEL32 ref: 70A223B3
                                                                                                                                                                                              • Part of subcall function 70A22360: HeapFree.KERNEL32 ref: 70A223BD
                                                                                                                                                                                            • fputc.MSVCRT ref: 70A232A2
                                                                                                                                                                                              • Part of subcall function 70A226B0: GetAdaptersAddresses.IPHLPAPI ref: 70A226E4
                                                                                                                                                                                              • Part of subcall function 70A226B0: inet_ntoa.WS2_32 ref: 70A22725
                                                                                                                                                                                              • Part of subcall function 70A226B0: GetProcessHeap.KERNEL32 ref: 70A22740
                                                                                                                                                                                              • Part of subcall function 70A226B0: HeapFree.KERNEL32 ref: 70A2274A
                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A232D1
                                                                                                                                                                                            • fputc.MSVCRT ref: 70A232E5
                                                                                                                                                                                              • Part of subcall function 70A22A90: GetProcessHeap.KERNEL32 ref: 70A22AAB
                                                                                                                                                                                              • Part of subcall function 70A22A90: HeapAlloc.KERNEL32 ref: 70A22ABF
                                                                                                                                                                                              • Part of subcall function 70A22A90: GetNetworkParams.IPHLPAPI ref: 70A22AF7
                                                                                                                                                                                              • Part of subcall function 70A22A90: GetProcessHeap.KERNEL32 ref: 70A22B19
                                                                                                                                                                                              • Part of subcall function 70A22A90: HeapFree.KERNEL32 ref: 70A22B23
                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A23314
                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23335
                                                                                                                                                                                            • strchr.MSVCRT ref: 70A2335B
                                                                                                                                                                                            • fputc.MSVCRT ref: 70A23372
                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23393
                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A233BB
                                                                                                                                                                                            • strchr.MSVCRT ref: 70A233C8
                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A233E9
                                                                                                                                                                                            • fputc.MSVCRT ref: 70A2340C
                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A2342D
                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A2346D
                                                                                                                                                                                            • fprintf.MSVCRT ref: 70A23497
                                                                                                                                                                                            • fputc.MSVCRT ref: 70A234B8
                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23507
                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23528
                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A23549
                                                                                                                                                                                            • fwrite.MSVCRT ref: 70A2356A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Failed to get ip address., xrefs: 70A23534
                                                                                                                                                                                            • Failed to get mac address., xrefs: 70A23513
                                                                                                                                                                                            • "%s", xrefs: 70A2339D, 70A233DC
                                                                                                                                                                                            • Hardware informations got by PyArmor:, xrefs: 70A231C6
                                                                                                                                                                                            • Failed to get domain name., xrefs: 70A23555
                                                                                                                                                                                            • Ip address: "%s", xrefs: 70A232C4
                                                                                                                                                                                            • Serial number with disk name: , xrefs: 70A2337E
                                                                                                                                                                                            • Multiple Mac addresses: "<, xrefs: 70A23418
                                                                                                                                                                                            • %02x, xrefs: 70A2348A
                                                                                                                                                                                            • %02x:, xrefs: 70A233FB
                                                                                                                                                                                            • >", xrefs: 70A234C7
                                                                                                                                                                                            • Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux, xrefs: 70A23320
                                                                                                                                                                                            • Failed to get harddisk information., xrefs: 70A234F2
                                                                                                                                                                                            • Domain name: "%s", xrefs: 70A23307
                                                                                                                                                                                            • Default Mac address: "%s", xrefs: 70A2326B
                                                                                                                                                                                            • Serial number of default harddisk: "%s", xrefs: 70A2320A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$fprintffwrite$fputc$Process$Free$AdaptersAddressesstrchr$AllocNetworkParamsinet_ntoastrlen
                                                                                                                                                                                            • String ID: "%s"$Change logsv6.2.0(r21): Remove trailing dot from harddisk serial numberv6.4.2(r34): Support binding multiple mac addressesv6.5.3(r37): Support binding named harddiskv6.7.5(r45): Support mmc/sd card in Linux$%02x$%02x:$>"$Default Mac address: "%s"$Domain name: "%s"$Failed to get domain name.$Failed to get harddisk information.$Failed to get ip address.$Failed to get mac address.$Hardware informations got by PyArmor:$Ip address: "%s"$Multiple Mac addresses: "<$Serial number of default harddisk: "%s"$Serial number with disk name:
                                                                                                                                                                                            • API String ID: 340787292-3771683696
                                                                                                                                                                                            • Opcode ID: 4f0036276bffa3d41c5d3d26c5b67faaa73ba1aac2b26e1b3d4ab6aca2ebdaff
                                                                                                                                                                                            • Instruction ID: 7cf4ec60d40abed6019bb084c384aeaba2cfdcb1448b9c6858b5220a9006991e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f0036276bffa3d41c5d3d26c5b67faaa73ba1aac2b26e1b3d4ab6aca2ebdaff
                                                                                                                                                                                            • Instruction Fuzzy Hash: ED812611B1125089FB04B772FA257AE1686DBCA7D4F40823A9E0E4B3DDDE3DE64AD301
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fprintf$_errno$strerror$fputc$fclose$_time64atoffreestrlenstrstr
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$*TIME:$license.c$pytransform.log
                                                                                                                                                                                            • API String ID: 3204063161-4277730492
                                                                                                                                                                                            • Opcode ID: faf6224cf5504a5dc3bdeec8719ec7e14373f6519121fe5dacfce3a51b4c7c48
                                                                                                                                                                                            • Instruction ID: 8595db075d6df9c7eea7435ccaa43dce6ff5ccab33650ea862acd363185379a8
                                                                                                                                                                                            • Opcode Fuzzy Hash: faf6224cf5504a5dc3bdeec8719ec7e14373f6519121fe5dacfce3a51b4c7c48
                                                                                                                                                                                            • Instruction Fuzzy Hash: FC81D660B29752CAEB059B21ED6035D23B6BF89BD4F488226DD0E173A8DF3CF5468305
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errnomalloc
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$j > 0$protect.c$pytransform.log
                                                                                                                                                                                            • API String ID: 2517923351-3883256839
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$freemalloc
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$key != NULL$protect.c$pytransform.log
                                                                                                                                                                                            • API String ID: 1860011666-3885171557
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$freemallocstrerror
                                                                                                                                                                                            • String ID: (OOO)$+F7unNMN$04U5w91r$3fvNMf9L$41qM08fu$4mLks8EO$Ew==$HERhc2hp$IFB5c2hp$IoHvpCe3$RbgIUXyw$S8tSMMR7$UeQH2iY/$Wrap result failed$Xa2Z/Fdw$ZWxkIFBy$aGQGvX/a$b2plY3Ql$bmdzb2Z0$cDxn1XUJ$ej7tPRL6$fSis3Gx0$k6W630PQ$nc/WZrlr$oFj2UIkE$oVCzhcbp$p5dyeOAr$qNGCrKem$thDV3x4e
                                                                                                                                                                                            • API String ID: 2349789213-1418605665
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errnofprintf$fputc$fclose
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                            • API String ID: 1597153534-2792274189
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fprintf$_errno$fputc$fclose$strerror
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                                            • API String ID: 1803879104-71371975
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$free$mallocstrerrorstrlen$fclosefseek
                                                                                                                                                                                            • String ID: Decode trial license failed$Format trial license file '%s'$Get current time failed$Invalid trial license file, size is %d != 256$Read trial license file '%s'$license.lic
                                                                                                                                                                                            • API String ID: 1618752535-3017380149
                                                                                                                                                                                            • Opcode ID: 2e7c6826e0a84d7a199170a70eca3f25cfc09e2a3f359b4f6f4a0f40bbf4d04c
                                                                                                                                                                                            • Instruction ID: f9efaae0ce4471f16573380e206ccd876ca8f946db78b68186592aed2f550434
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2e7c6826e0a84d7a199170a70eca3f25cfc09e2a3f359b4f6f4a0f40bbf4d04c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2C7111717096468ADB01CB24F9113AD63B6BBD4784F948225EA4E437ACEF7CE586C310
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1848475861.0000000070A00000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848561745.0000000070A97000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848585293.0000000070A98000.00000008.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848637880.0000000070AF8000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848677370.0000000070B21000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848705319.0000000070B27000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848738229.0000000070B29000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848764500.0000000070B2A000.00000004.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848787595.0000000070B2B000.00000008.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            • Associated: 00000001.00000002.1848814330.0000000070B2E000.00000002.00000001.01000000.00000016.sdmp
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$(O)$pytransform.log$wrapper.c
                                                                                                                                                                                            • API String ID: 775964473-71371975
                                                                                                                                                                                            • Opcode ID: e7ab8194e584fdf7d85ececd62a9fc5343cf40ce71b57fd71a0ca48bfd3d6d37
                                                                                                                                                                                            • Instruction ID: 1cdb47f36d0b956a4b36afd2b9fcb31c1dcd5330a107a72d424494effbad33fe
                                                                                                                                                                                            • Opcode Fuzzy Hash: e7ab8194e584fdf7d85ececd62a9fc5343cf40ce71b57fd71a0ca48bfd3d6d37
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A5173A0B29756D9EA049B51FE2475D23A5BB88BC1F44822ADD0D1B36CEF7CF505C312
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$strerrorstrlen
                                                                                                                                                                                            • String ID: %c%c%c%s$%c%s$%s%s$Could not generate license in trial version$Dashingsoft Pyshield Project$Encode buffer failed$Import rsa key failed$Sign hash failed$The size of serial number %d > 2048$The total size of serial number %d > 2560
                                                                                                                                                                                            • API String ID: 427076510-1296519401
                                                                                                                                                                                            • Opcode ID: 679a87fe3903baab6a36d49d4dfe7abb6cab9c4beaac5ff2b8fbbb24b3a171bd
                                                                                                                                                                                            • Instruction ID: c1ecf48a3e836738f53b425fc0cca469055a19763858c4841e435463825440bb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 679a87fe3903baab6a36d49d4dfe7abb6cab9c4beaac5ff2b8fbbb24b3a171bd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 25C13A72A09B818AE720CB51F95078EB3A5F7C8784F944126EA8D93B6CEF3CD545CB40
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$fclosefreadstrerror
                                                                                                                                                                                            • String ID: Encode moudle key failed$Invalid public key %s$Open public key %s failed$Wrap result failed$Write output %s failed
                                                                                                                                                                                            • API String ID: 1423157237-2416068227
                                                                                                                                                                                            • Opcode ID: fc8263cf471056167a99d615c964ff8a8536502a1d140b0da7b445b64efe0c6d
                                                                                                                                                                                            • Instruction ID: af059605efeb0241d670f754cc7be9cffb2ff31e841a2f17d9d8403a44a8109b
                                                                                                                                                                                            • Opcode Fuzzy Hash: fc8263cf471056167a99d615c964ff8a8536502a1d140b0da7b445b64efe0c6d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5551CD62B1974695EB01DF51FE1039E23A4BB89BC4F844526EE0E13768EF3CE686C350
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 70A04900: fseek.MSVCRT ref: 70A04954
                                                                                                                                                                                              • Part of subcall function 70A04900: malloc.MSVCRT ref: 70A0496E
                                                                                                                                                                                              • Part of subcall function 70A04900: fclose.MSVCRT ref: 70A049A3
                                                                                                                                                                                            • _errno.MSVCRT ref: 70A0EC60
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errnofclosefseekmalloc
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$pytransform.log$utils.c
                                                                                                                                                                                            • API String ID: 882899668-4272501623
                                                                                                                                                                                            • Opcode ID: 17223cea7ad90b7dd39b25babe2557fc61845b7a460a3b87b77de20574d3a215
                                                                                                                                                                                            • Instruction ID: c994ccc21fe8a1525a6cf9883ed7ae1ae7d774de7e677e36598178200c0b8333
                                                                                                                                                                                            • Opcode Fuzzy Hash: 17223cea7ad90b7dd39b25babe2557fc61845b7a460a3b87b77de20574d3a215
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9C41A261B25309D9EA01DB52FE5176D23A1BF98BC4F48822A9D0D573A8EF3CF541C346
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _strdup$fclosefprintf
                                                                                                                                                                                            • String ID: __armor%s__$__armor__$__armor_enter%s__$__armor_enter__$__armor_exit%s__$__armor_exit__$__armor_wrap%s__$__armor_wrap__$__pyarmor%s__$__pyarmor__$little$pytransform.log
                                                                                                                                                                                            • API String ID: 2840409039-221964360
                                                                                                                                                                                            • Opcode ID: 06d010830221482c768ac7b0fa081fda18851481fa646e867f0ad123cb5477fe
                                                                                                                                                                                            • Instruction ID: cf7dd6fc3acd19488ec7e0a1a9cafba60ce81224ccb3585ee8bbba285c7d896b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 06d010830221482c768ac7b0fa081fda18851481fa646e867f0ad123cb5477fe
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6051F561B19703D9FB118B61ED903AD2265BB487D4F84413ADD0E573A8DB3CFA85C352
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • key/iv size is %d, it must be 32., xrefs: 70A1402A
                                                                                                                                                                                            • %s is not a legal public key, xrefs: 70A13ED2
                                                                                                                                                                                            • %.0f, xrefs: 70A14090
                                                                                                                                                                                            • This function is not included in trial version, xrefs: 70A13F2E
                                                                                                                                                                                            • Fail to write trial license file %s, xrefs: 70A13FA1
                                                                                                                                                                                            • Failed to encode trial license., xrefs: 70A14180
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: free$_errno_time64fclosefreadmallocstrlen
                                                                                                                                                                                            • String ID: %.0f$%s is not a legal public key$Fail to write trial license file %s$Failed to encode trial license.$This function is not included in trial version$key/iv size is %d, it must be 32.
                                                                                                                                                                                            • API String ID: 710462250-180510518
                                                                                                                                                                                            • Opcode ID: 35b43d3abbb46c9e0a88625ea563a05af4a10be155eed0992325a3418ad647d6
                                                                                                                                                                                            • Instruction ID: 5bcb7b5652196dab43ed459ec3781a481052032af02b736bfcf40bdcce502566
                                                                                                                                                                                            • Opcode Fuzzy Hash: 35b43d3abbb46c9e0a88625ea563a05af4a10be155eed0992325a3418ad647d6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 87610761B1574699DB01DB25E91139E63B4FB89BD4F848222EE0E1776CEF3CE586C310
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno$fprintf$fclosestrerror
                                                                                                                                                                                            • String ID: %s$%s,%d,%s$pytransform.log
                                                                                                                                                                                            • API String ID: 190382524-2823618119
                                                                                                                                                                                            • Opcode ID: b22ec3faffb8614a653549c7a7985012044751e5084476f5063c17f1ebe97a3e
                                                                                                                                                                                            • Instruction ID: b9c01ddd65afedd37a15345b8641c362f76c206aa8fef2bddf784dedc046aace
                                                                                                                                                                                            • Opcode Fuzzy Hash: b22ec3faffb8614a653549c7a7985012044751e5084476f5063c17f1ebe97a3e
                                                                                                                                                                                            • Instruction Fuzzy Hash: DF319C7172560299EA14AB12FD20F6C33A1BB89BC0F988139AE0D57368DF7CF944C746
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strspn$strncmp
                                                                                                                                                                                            • String ID: $ $ ,$..\s\crypto\pem\pem_lib.c$DEK-Info:$ENCRYPTED$Proc-Type:
                                                                                                                                                                                            • API String ID: 1384302209-3505811795
                                                                                                                                                                                            • Opcode ID: 7985cfdb996600f2f998fb0a24256cf60aa534b4d69326ebc210f6f3ee5533b5
                                                                                                                                                                                            • Instruction ID: 290cd48233139b30f33a46dcce54b96f6e13acc13d1719e21d3ad138881f8689
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7985cfdb996600f2f998fb0a24256cf60aa534b4d69326ebc210f6f3ee5533b5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1C91A062F0E55396E7249F1194A0EB937A0EF04B84F448035DAAD836EDEF3CE55ACB44
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: free$malloc$memcpy$memset
                                                                                                                                                                                            • String ID: msghash != NULL$out != NULL$outlen != NULL$src/pk/pkcs1/pkcs_1_pss_encode.c
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fprintf$_errno$fputc$fclosestrerror
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$(iii)$_pytransform.c$pytransform.log
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _errno
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$_pytransform.c$pytransform.log
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fprintf$_errno$fputc$fclosefreestrerror
                                                                                                                                                                                            • String ID: %s$%s,%d,0x%x,$license.c$pytransform.log
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileMessageModuleName_snwprintfmalloc
                                                                                                                                                                                            • String ID: %ws$<unknown>$Assertion failed!Program: %wsFile: %ws, Line %uExpression: %ws$MinGW Runtime Assertion$j > 0$protect.c
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memcpy$calloc$qsort
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: callocfree
                                                                                                                                                                                            • String ID: A != NULL$B != NULL$C != NULL$P != NULL$kA != NULL$kB != NULL$modulus != NULL$src/pk/ecc/ltc_ecc_map.c$src/pk/ecc/ltc_ecc_mul2add.c
                                                                                                                                                                                            • API String ID: 306872129-190324370
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: free$memcmp$malloc
                                                                                                                                                                                            • String ID: hash != NULL$key != NULL$sig != NULL$src/pk/rsa/rsa_verify_hash.c$stat != NULL
                                                                                                                                                                                            • API String ID: 2896619906-237625700
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: in != NULL$key != NULL$key != NULL$key != NULL$ltc_mp.name != NULL$ltc_mp.name != NULL$size > 0$src/pk/rsa/rsa_free.c$src/pk/rsa/rsa_import.c$src/pk/rsa/rsa_make_key.c
                                                                                                                                                                                            • API String ID: 0-606996012
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • VirtualProtect.KERNEL32(?,?,?,?,?,?,70A01278), ref: 70A954DD
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • Unknown pseudo relocation protocol version %d., xrefs: 70A9565E
                                                                                                                                                                                            • Unknown pseudo relocation bit size %d., xrefs: 70A9564A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ProtectVirtual
                                                                                                                                                                                            • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.
                                                                                                                                                                                            • API String ID: 544645111-395989641
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: atoi$strcmp
                                                                                                                                                                                            • String ID: ..\s\crypto\ts\ts_conf.c$accuracy$microsecs$millisecs$p$secs
                                                                                                                                                                                            • API String ID: 4175852868-1596076588
                                                                                                                                                                                            • Opcode ID: efeb6b76fb41c4696bb940acb148f12469781e6c2003824cd64f8240fdbac3f8
                                                                                                                                                                                            • Instruction ID: 60f18af847eadec8f16b521328fe1682ae15ec892f5d69c18d387fefb9171cf2
                                                                                                                                                                                            • Opcode Fuzzy Hash: efeb6b76fb41c4696bb940acb148f12469781e6c2003824cd64f8240fdbac3f8
                                                                                                                                                                                            • Instruction Fuzzy Hash: D351A066B0A68796EB04AB66A820DB937E0BF45B88F444435ED6E437FDDF3CE5458300
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strcmp
                                                                                                                                                                                            • String ID: 3des$name != NULL$src/misc/crypt/crypt_find_hash.c
                                                                                                                                                                                            • API String ID: 1004003707-2898822856
                                                                                                                                                                                            • Opcode ID: 464357bab5226c83230ff7ddc98dea84ff7d6811791d22299b2bc95c1f275a7e
                                                                                                                                                                                            • Instruction ID: 5022d37041c2fbf0fcf86327de083f34fbc634a46c5a561c130f4ceb8ae49d10
                                                                                                                                                                                            • Opcode Fuzzy Hash: 464357bab5226c83230ff7ddc98dea84ff7d6811791d22299b2bc95c1f275a7e
                                                                                                                                                                                            • Instruction Fuzzy Hash: D231726234628689DE15CB52E7947FD6361EF887D6F4081289E0B8F949DF18E50BC351
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$AdaptersAddressesFree$Allocinet_ntoa
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1708681428-0
                                                                                                                                                                                            • Opcode ID: 4f5458f5089b5a7e86f07b6741ba0edd552bcacc8860df83db74114d2a597805
                                                                                                                                                                                            • Instruction ID: d4e88b45d54be817ce87f14d87ca7e29a9b9b7d57c5dde50ed2d03b06efca719
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f5458f5089b5a7e86f07b6741ba0edd552bcacc8860df83db74114d2a597805
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D21E2217086549AE704DBB6FD11B1F67A2BBC8BD5F04823AAE0D577A8DE3CE5418700
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Heap$Process$Free$Alloc$NetworkParams
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3483679945-0
                                                                                                                                                                                            • Opcode ID: 36608fc77a87cb34de43f92055041f1a1aaff40ac3dd4ab04145464c7a4fbbcb
                                                                                                                                                                                            • Instruction ID: 4bab2a93c6f0099debb89e4662b31fead0e755f2839724a4dbe2546530b70343
                                                                                                                                                                                            • Opcode Fuzzy Hash: 36608fc77a87cb34de43f92055041f1a1aaff40ac3dd4ab04145464c7a4fbbcb
                                                                                                                                                                                            • Instruction Fuzzy Hash: D311571170560568DA15EBB3FD1076E97922FCDBE4F488236AD2D973ACEE3CE5028310
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strrchr
                                                                                                                                                                                            • String ID: <frozen %s$__init__.py
                                                                                                                                                                                            • API String ID: 3418686817-1237021342
                                                                                                                                                                                            • Opcode ID: 439e6feb79bed36a256749ea8ae4fe06bb98eb112d7af6dde0f67c8bdea58851
                                                                                                                                                                                            • Instruction ID: 9c19d6ea131b4973b6fc81154cacc5f76206a33d24a75c2d4fbb7ded33e5ea40
                                                                                                                                                                                            • Opcode Fuzzy Hash: 439e6feb79bed36a256749ea8ae4fe06bb98eb112d7af6dde0f67c8bdea58851
                                                                                                                                                                                            • Instruction Fuzzy Hash: 965128123156955AEF118F26E5007DD6771B789FC8F888425EE4A1B78CFA7CD686C310
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: signal
                                                                                                                                                                                            • String ID: CCG
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32(00000000,00007FF7227E2690), ref: 00007FF7227E6FC7
                                                                                                                                                                                            • FormatMessageW.KERNEL32(00000000,00007FF7227E2690), ref: 00007FF7227E6FF6
                                                                                                                                                                                            • WideCharToMultiByte.KERNEL32 ref: 00007FF7227E704C
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: GetLastError.KERNEL32(00000000,00000000,00000000,00007FF7227E7233,?,?,?,?,?,?,?,?,?,?,?,00007FF7227E101D), ref: 00007FF7227E2644
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2610: MessageBoxW.USER32 ref: 00007FF7227E271C
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastMessage$ByteCharFormatMultiWide
                                                                                                                                                                                            • String ID: Failed to encode wchar_t as UTF-8.$FormatMessageW$No error messages generated.$PyInstaller: FormatMessageW failed.$PyInstaller: pyi_win32_utils_to_utf8 failed.$WideCharToMultiByte
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • hash != NULL, xrefs: 70A2D8FE
                                                                                                                                                                                            • src/misc/crypt/crypt_register_hash.c, xrefs: 70A2D8F7
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memcmp
                                                                                                                                                                                            • String ID: hash != NULL$src/misc/crypt/crypt_register_hash.c
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • src/misc/crypt/crypt_register_prng.c, xrefs: 70A2DB4F
                                                                                                                                                                                            • prng != NULL, xrefs: 70A2DB56
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memcmp
                                                                                                                                                                                            • String ID: prng != NULL$src/misc/crypt/crypt_register_prng.c
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strncmp
                                                                                                                                                                                            • String ID: , value=$..\s\crypto\x509v3\v3_conf.c$/$ASN1:$DER:$critical,$name=
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strcmp
                                                                                                                                                                                            • String ID: name != NULL$src/misc/crypt/crypt_find_prng.c
                                                                                                                                                                                            • API String ID: 1004003707-2030105502
                                                                                                                                                                                            • Opcode ID: 5cbf8aaeb0cf756e4082b2c299a9473fdef5e9414b9ec32f93ee8afcfb714adf
                                                                                                                                                                                            • Instruction ID: ba21aaf8fab1174460ad14d804765318f2b421dabd07186d6a53c9d6848ec903
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5cbf8aaeb0cf756e4082b2c299a9473fdef5e9414b9ec32f93ee8afcfb714adf
                                                                                                                                                                                            • Instruction Fuzzy Hash: E731B3A334264649EE14DE62E7D43BD6361EF89BC6F0041389E4B8B95DDB28E50BC351
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • name != NULL, xrefs: 70A2D1F8
                                                                                                                                                                                            • src/misc/crypt/crypt_find_cipher.c, xrefs: 70A2D1F1
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strcmp
                                                                                                                                                                                            • String ID: name != NULL$src/misc/crypt/crypt_find_cipher.c
                                                                                                                                                                                            • API String ID: 1004003707-679692990
                                                                                                                                                                                            • Opcode ID: 15c8e9be63cb7d01a88cd149f8cb9d390188a247097153960caf0327d89c631a
                                                                                                                                                                                            • Instruction ID: 1e8da41a102762bd96b7f0ba5eb90a4823bb3e01260c1154a898f8d1a70a0a3d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 15c8e9be63cb7d01a88cd149f8cb9d390188a247097153960caf0327d89c631a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C31846334618689EF14CA52AF957BD6361EF89BC5F008239DE0B8BD5DDB18D60BC350
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: malloc
                                                                                                                                                                                            • String ID: mask != NULL$seed != NULL$src/pk/pkcs1/pkcs_1_mgf1.c
                                                                                                                                                                                            • API String ID: 2803490479-2931318352
                                                                                                                                                                                            • Opcode ID: a41bf6304092f0e12ee6b2b48442d8b4c607de8f101fac0571f231d182ff6aa5
                                                                                                                                                                                            • Instruction ID: 9a0b2ca27a94c3b9f6e7c6f4008649c6dc24744ae5db97d4a56896b3e8a56bbc
                                                                                                                                                                                            • Opcode Fuzzy Hash: a41bf6304092f0e12ee6b2b48442d8b4c607de8f101fac0571f231d182ff6aa5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 98512772B181944ADB12CF31AD1577EFBA2EB49BC4F858018DE4B47A0DEB39D905C710
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it, xrefs: 70A072FA
                                                                                                                                                                                            • obfmode.c, xrefs: 70A07450
                                                                                                                                                                                            • <lambda>, xrefs: 70A06DF0
                                                                                                                                                                                            • lambda_, xrefs: 70A06E13
                                                                                                                                                                                            • code, xrefs: 70A07457
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memcpy
                                                                                                                                                                                            • String ID: <lambda>$The function '%s' could not be obufscated with advanced mode 2, insert one redundant line '[None, None]' at the beginning of this function to fix it$code$lambda_$obfmode.c
                                                                                                                                                                                            • API String ID: 3510742995-709486575
                                                                                                                                                                                            • Opcode ID: c4716056c2122c0a339fa145195c923bf375f4e1c5816e5f35935589c52cb295
                                                                                                                                                                                            • Instruction ID: 69ca25bbf8cbcc539b5eabc4761f5a7e7bf4c28ccf3e759263da0b8e627adb18
                                                                                                                                                                                            • Opcode Fuzzy Hash: c4716056c2122c0a339fa145195c923bf375f4e1c5816e5f35935589c52cb295
                                                                                                                                                                                            • Instruction Fuzzy Hash: E112E332F09A84C6DB11CB25F9407AD77A1F789B90F108616EE5A47B6CEB3CD545CB00
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Fiber$Switch$CreateDeletememmove
                                                                                                                                                                                            • String ID: *$..\s\crypto\async\async.c
                                                                                                                                                                                            • API String ID: 81049052-1471988776
                                                                                                                                                                                            • Opcode ID: 554c6f6e5e7d4601f5553937bc84c0f1342643dca3a6105ae256cf26c056c5c6
                                                                                                                                                                                            • Instruction ID: 9e49ef5d1c5e6b2f0a16cfc2a044d1a819d729d1eb83fe404aa8f2ee6e693f9e
                                                                                                                                                                                            • Opcode Fuzzy Hash: 554c6f6e5e7d4601f5553937bc84c0f1342643dca3a6105ae256cf26c056c5c6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 63A15772B0AA4396EB20DF15E460AB963A0EF44B88F548035DAAD477F9EF3CE555C700
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strlenstrstr
                                                                                                                                                                                            • String ID: <lambda>$co_names$code$lambda_$obfmode.c
                                                                                                                                                                                            • API String ID: 2393776628-2864150894
                                                                                                                                                                                            • Opcode ID: fa60d14edacd4303a7aef9ee630c0b1a42870550b28da1bd2770e74e85f5b7b7
                                                                                                                                                                                            • Instruction ID: 28718279c2b9c6404c55f553674a8bc5d2bc9fea9dbb9fdeefb8f945cc3b1021
                                                                                                                                                                                            • Opcode Fuzzy Hash: fa60d14edacd4303a7aef9ee630c0b1a42870550b28da1bd2770e74e85f5b7b7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 11B1AE62B19B88C5EB11CB12F94176D67A0FB9ABC4F444625DE8E07768EF3CE645C700
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: in != NULL$key != NULL$out != NULL$outlen != NULL$src/pk/rsa/rsa_sign_hash.c
                                                                                                                                                                                            • API String ID: 0-3034240082
                                                                                                                                                                                            • Opcode ID: 5bd07b897cf90f6f89350b3f5f6255c2338198fd783aa3f6e7c238f845e7bfaa
                                                                                                                                                                                            • Instruction ID: bcea12ab981edad99553476f61774d495beecea19f77f84b1acdba4803a9438a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5bd07b897cf90f6f89350b3f5f6255c2338198fd783aa3f6e7c238f845e7bfaa
                                                                                                                                                                                            • Instruction Fuzzy Hash: 378139726086C48AE720CF11E564B9EB7A4F388788F904525EE8A97B5CDB3DD544CF40
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB19D000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memsetstrncpy
                                                                                                                                                                                            • String ID: , failure codes: $, status text: $..\s\crypto\ts\ts_rsp_verify.c$status code: $unknown code$unspecified
                                                                                                                                                                                            • API String ID: 388311670-2553778726
                                                                                                                                                                                            • Opcode ID: 9ad9c937f9b0233f8af789fdb6f7b05f0e9d166c4cca3fb3244e7617109f9e48
                                                                                                                                                                                            • Instruction ID: 330a1ea7ab5eb7c7d525fc9aea2ac9fbc4fb124f2b291269fef3fbcab59c42bb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9ad9c937f9b0233f8af789fdb6f7b05f0e9d166c4cca3fb3244e7617109f9e48
                                                                                                                                                                                            • Instruction Fuzzy Hash: BD818F22B4A68786E710BB11A860BB977E0FF85788F894035DAAD437E9DF3CE0458700
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: callocfree
                                                                                                                                                                                            • String ID: in != NULL$inlen != 0$public_key_len != NULL$src/pk/asn1/der/sequence/der_decode_subject_public_key_info.c
                                                                                                                                                                                            • API String ID: 306872129-3913984646
                                                                                                                                                                                            • Opcode ID: 662745629ee3902020316fb88a8a62945f6c4869adbd1b4081a0a8de014e681b
                                                                                                                                                                                            • Instruction ID: 2ad7212aa4f239297713717a90a29d011b25a8a2cd5a5885b511abf1fb35dcae
                                                                                                                                                                                            • Opcode Fuzzy Hash: 662745629ee3902020316fb88a8a62945f6c4869adbd1b4081a0a8de014e681b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 144168727182C08AEB718B56E9407DEB6A5F7D8384F80421A9E8A47B5CDB7CD545CB40
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: sprintf$malloc
                                                                                                                                                                                            • String ID: %s%s$', %d)$(__name__, __file__, b'$\x%02x$__pyarmor__
                                                                                                                                                                                            • API String ID: 1197820334-965320081
                                                                                                                                                                                            • Opcode ID: 5127fce4ec5a67789d686ae6a14468ce0f27d91af1717806ed083a98e976e436
                                                                                                                                                                                            • Instruction ID: 80f78f282403ac8426d36abc0e1a6a37d9d526a3a805298e8854f25e872aca88
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5127fce4ec5a67789d686ae6a14468ce0f27d91af1717806ed083a98e976e436
                                                                                                                                                                                            • Instruction Fuzzy Hash: B5210527B2161AA6DF04CB16EE007AD2755FB49BD8F848621DE4E57318EA3CF84BC300
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • VirtualQuery failed for %d bytes at address %p, xrefs: 70A95388
                                                                                                                                                                                            • VirtualProtect failed with code 0x%x, xrefs: 70A9533A
                                                                                                                                                                                            • Address %p has no image-section, xrefs: 70A95399
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: QueryVirtual
                                                                                                                                                                                            • String ID: VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section
                                                                                                                                                                                            • API String ID: 1804819252-2123141913
                                                                                                                                                                                            • Opcode ID: 45c7f9d79dc437a4fbeb1dfdcba53b9c7f362df38b7f26e5502aa6f87964a70d
                                                                                                                                                                                            • Instruction ID: ced9c986f56f9a87b9941e0458fc4f1a6d41a72cecf00f27e5810157421442ad
                                                                                                                                                                                            • Opcode Fuzzy Hash: 45c7f9d79dc437a4fbeb1dfdcba53b9c7f362df38b7f26e5502aa6f87964a70d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5451B172B21B40CADB118F36E94279D77E5B748BA4F448215EE1E4B3ACDB38DA41C708
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _stat64$freemallocstrlen
                                                                                                                                                                                            • String ID: <unknown>
                                                                                                                                                                                            • API String ID: 2817875163-1574992787
                                                                                                                                                                                            • Opcode ID: 5de89a2566f29d22f67eb05d831bfbd7b4597e754e1c9548bbcdaf0f3e37cb61
                                                                                                                                                                                            • Instruction ID: fcff6864f94721808232cda1c4283ee35a4e7d54a35b92fa3991a0573792f53d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5de89a2566f29d22f67eb05d831bfbd7b4597e754e1c9548bbcdaf0f3e37cb61
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D51F26232879089DB198F22D08136E77F6EF4DB99F14801AEB860775CD73EC849CB59
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strchr$memmove
                                                                                                                                                                                            • String ID: characters$ to $..\s\crypto\ui\ui_lib.c$You must type in
                                                                                                                                                                                            • API String ID: 1080442166-3422546668
                                                                                                                                                                                            • Opcode ID: 058cebb37ec07b436eb0b80b8ced75f7358d0c981b7b5530fb3ba3095bcba817
                                                                                                                                                                                            • Instruction ID: a02bdd8cb8c7d8508a78006df36b1a4636ef1abaf10c2b345c6322fa4543eff5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 058cebb37ec07b436eb0b80b8ced75f7358d0c981b7b5530fb3ba3095bcba817
                                                                                                                                                                                            • Instruction Fuzzy Hash: 32517D62B4A69386EB21AF24D860A7827A0EF4578CF084132DAAD476EDCF3CE514D740
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            • Associated: 00000001.00000002.1859754680.00007FFDFB447000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _stricmpstrchrstrncmp
                                                                                                                                                                                            • String ID: ..\s\crypto\store\store_lib.c$T$file
                                                                                                                                                                                            • API String ID: 3017659097-909561481
                                                                                                                                                                                            • Opcode ID: 9b92abe0c2c31ba7c862bc6e88b4d23d062a7bf3bf3367caf44f2b77a75aa123
                                                                                                                                                                                            • Instruction ID: 4301fd6394ef95407bf97aab3bef5f5c96ed3d48cd6b676c5e2fea95833adebb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b92abe0c2c31ba7c862bc6e88b4d23d062a7bf3bf3367caf44f2b77a75aa123
                                                                                                                                                                                            • Instruction Fuzzy Hash: EA417232B0AA87D6EB11AB11E8609A9B7A0FB48BC8F444035DE5D477A9EF3CE515D700
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF7227E7490: MultiByteToWideChar.KERNEL32 ref: 00007FF7227E74CA
                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(00000000,00007FF7227E631F,?,00000000,?,TokenIntegrityLevel), ref: 00007FF7227E602F
                                                                                                                                                                                              • Part of subcall function 00007FF7227E2760: MessageBoxW.USER32 ref: 00007FF7227E2831
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • LOADER: Failed to expand environment variables in the runtime-tmpdir., xrefs: 00007FF7227E6043
                                                                                                                                                                                            • LOADER: Failed to obtain the absolute path of the runtime-tmpdir., xrefs: 00007FF7227E608A
                                                                                                                                                                                            • LOADER: Failed to convert runtime-tmpdir to a wide string., xrefs: 00007FF7227E6006
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                            • String ID: LOADER: Failed to convert runtime-tmpdir to a wide string.$LOADER: Failed to expand environment variables in the runtime-tmpdir.$LOADER: Failed to obtain the absolute path of the runtime-tmpdir.
                                                                                                                                                                                            • API String ID: 1662231829-3498232454
                                                                                                                                                                                            • Opcode ID: a4ffd2c6e21663c494c1ccd148bacda67934ce9c792482064e62d0577ff9622d
                                                                                                                                                                                            • Instruction ID: f04266c33264404c53ae643d05533ccab87f53c35b0beec51ab34061a22fe5d9
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4ffd2c6e21663c494c1ccd148bacda67934ce9c792482064e62d0577ff9622d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 13315051B1D6C2A1FA61B725ED152BA9291EF9E780FC44035DB4E42796EEBCE204CA30
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _chmod_stat64i32fclosefwrite
                                                                                                                                                                                            • String ID: ..\s\crypto\rand\randfile.c$Filename=
                                                                                                                                                                                            • API String ID: 4260490851-2201148535
                                                                                                                                                                                            • Opcode ID: ffb6a3000f1f43db175e07ee08783f9f81d8d84b3e7221bb60cce5b0c7cc5f2d
                                                                                                                                                                                            • Instruction ID: 1c8a7db5f6b39fd85f897851b967aadd1a2cf6359a03e8a88e83618ea9b90728
                                                                                                                                                                                            • Opcode Fuzzy Hash: ffb6a3000f1f43db175e07ee08783f9f81d8d84b3e7221bb60cce5b0c7cc5f2d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0C315262B0E64782EB20EB15E460AB96391FF45B88F844035DA6D47AEDDF3CF514CB00
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: Internal buffer error$This function could not be called from the plain script$code$obfmode.c
                                                                                                                                                                                            • API String ID: 0-1583419685
                                                                                                                                                                                            • Opcode ID: 9a9588439eea7ecd58c56589ada3d3bc3db08017a881e08a403e04b43008c196
                                                                                                                                                                                            • Instruction ID: d6031a9ed4d2aa6d2614b9b967fee086bbfa1c3a210942416ca5464a5648e8d7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9a9588439eea7ecd58c56589ada3d3bc3db08017a881e08a403e04b43008c196
                                                                                                                                                                                            • Instruction Fuzzy Hash: DCA17B72A1AA49D5EB01CF15FD903593360F799B85F404A26DE5E47B28EF3CEA89C700
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strncmp
                                                                                                                                                                                            • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                            • API String ID: 1114863663-369496153
                                                                                                                                                                                            • Opcode ID: ddb8bcea3cefd020a4e8a34bae29a66c7c6434e734eea52e0975a0b147bfa819
                                                                                                                                                                                            • Instruction ID: d8feb18fd82bb1f3ef1ae4c7df4e8de8eef0fffdc77b1c7860c7e06d680ce5ff
                                                                                                                                                                                            • Opcode Fuzzy Hash: ddb8bcea3cefd020a4e8a34bae29a66c7c6434e734eea52e0975a0b147bfa819
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6E419012B4A69742FB10AB26A920B7A66D0AB04BD8F0C9434DD6E477FDDE3CE4908740
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: sprintf$strlen
                                                                                                                                                                                            • String ID: /%d:$No any serial number of harddisk got$platforms/windows/hdinfo.c
                                                                                                                                                                                            • API String ID: 3793847852-3769243694
                                                                                                                                                                                            • Opcode ID: e0123901aed77ea2fe2f5641d07ce66e0622fcb6e6c2f62f9897630a9412305b
                                                                                                                                                                                            • Instruction ID: cbc323ae52ea0bdf9f25663119b11b9115762730303c812b22a661c2600b351c
                                                                                                                                                                                            • Opcode Fuzzy Hash: e0123901aed77ea2fe2f5641d07ce66e0622fcb6e6c2f62f9897630a9412305b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3A318263F190506DEB118739FD503AD6762A7CABE2F588231DD26477DCD53989D6C300
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strncmp
                                                                                                                                                                                            • String ID: ASN1:$DER:$critical,
                                                                                                                                                                                            • API String ID: 1114863663-369496153
                                                                                                                                                                                            • Opcode ID: 9dcb5025aebed33bc3ac4bc51b42553d44f8733820fabb1b2b7665fe447d2112
                                                                                                                                                                                            • Instruction ID: dd2cffe7ef2fdad653aab574460ae2d2a575a83be4825effeb9250138fae9d7a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9dcb5025aebed33bc3ac4bc51b42553d44f8733820fabb1b2b7665fe447d2112
                                                                                                                                                                                            • Instruction Fuzzy Hash: 26410522B1AA8356FB10AF25A860B7A66D0BB04BD4F089130DD6E477FDDE3CD4908740
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: fclose$freefseekmalloc
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1339445139-0
                                                                                                                                                                                            • Opcode ID: fb2f067e3bd81d461955686dc85af8f3ef903c9814697262ba01f1c5ab3d79fd
                                                                                                                                                                                            • Instruction ID: 7a6d6b822305b16d9c389cc4b79372be7958b175777b5c4273f4cb1ab30257f1
                                                                                                                                                                                            • Opcode Fuzzy Hash: fb2f067e3bd81d461955686dc85af8f3ef903c9814697262ba01f1c5ab3d79fd
                                                                                                                                                                                            • Instruction Fuzzy Hash: 73110A537212290CEE55AB673F1236F42C25FC9BE1F088630AD1E4779CFC78A4818305
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strlen$malloc
                                                                                                                                                                                            • String ID: %s%c%s$\$license.lic
                                                                                                                                                                                            • API String ID: 3157260142-3068191871
                                                                                                                                                                                            • Opcode ID: 5adf3f5d1d35b6e4926f7a2d288f8e1a1b5244bf19ebae5aa32487b9d187c434
                                                                                                                                                                                            • Instruction ID: 8b429b5fcf0b8b155993a3a6f3c5f391319645be3028a3ff2655cde564351edb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5adf3f5d1d35b6e4926f7a2d288f8e1a1b5244bf19ebae5aa32487b9d187c434
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1EF02422B5134888EC128B02BE0139DA398AF89BE4F8C81305E0E07768FA3CE5868344
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB19D000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: getnameinfohtonsmemset
                                                                                                                                                                                            • String ID: $..\s\crypto\bio\b_addr.c
                                                                                                                                                                                            • API String ID: 165288700-1606403076
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: $$..\s\crypto\rsa\rsa_sign.c
                                                                                                                                                                                            • API String ID: 0-1864662394
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF7227F778A
                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7227F7707,?,?,?,00007FF7227F136B), ref: 00007FF7227F7848
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF7227F7707,?,?,?,00007FF7227F136B), ref: 00007FF7227F78D2
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleErrorLastMode_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2210144848-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memmove
                                                                                                                                                                                            • String ID: ..\s\crypto\pem\pem_lib.c$;$Enter PEM pass phrase:
                                                                                                                                                                                            • API String ID: 2162964266-3733131234
                                                                                                                                                                                            • Opcode ID: bdc686fb8aba523b28e55b03942bb12ed9c37acd52b0f3eb95ac45e93db571c2
                                                                                                                                                                                            • Instruction ID: f8552b5b94151561465b5989970ba8ca9d429b61248c48c0633690d7a30f0825
                                                                                                                                                                                            • Opcode Fuzzy Hash: bdc686fb8aba523b28e55b03942bb12ed9c37acd52b0f3eb95ac45e93db571c2
                                                                                                                                                                                            • Instruction Fuzzy Hash: D271C662B096838AEB20DB51E4A0BAA7390FF84798F444135EBAD876DDDF3CD505CB00
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: N != NULL$src/math/rand_prime.c
                                                                                                                                                                                            • API String ID: 0-3192267683
                                                                                                                                                                                            • Opcode ID: 5d8379644c24468e21ca846d65688a4a95fb3662f13fd0de23da40a808fbdf48
                                                                                                                                                                                            • Instruction ID: e83ab51073c3498109e51c549f92599b95bb0d356d7a6343acc4c200262eb79b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d8379644c24468e21ca846d65688a4a95fb3662f13fd0de23da40a808fbdf48
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1331277270425485E7118B16F84479EABA5F789FD8FC44125EE4E8BB6CDB3CC586C700
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetSystemTimeAsFileTime.KERNEL32 ref: 70A94F35
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32 ref: 70A94F40
                                                                                                                                                                                            • GetCurrentThreadId.KERNEL32 ref: 70A94F49
                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 70A94F51
                                                                                                                                                                                            • QueryPerformanceCounter.KERNEL32 ref: 70A94F5E
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1445889803-0
                                                                                                                                                                                            • Opcode ID: f5d87bf7f0e3f8bbfa70d4cf8d71db31ffcf3f5bb4ca7de3311258b585774c07
                                                                                                                                                                                            • Instruction ID: e623e904c34ab3bce6138c36496c50d5c53e7756fe3b0b097cc6faa774dd11a2
                                                                                                                                                                                            • Opcode Fuzzy Hash: f5d87bf7f0e3f8bbfa70d4cf8d71db31ffcf3f5bb4ca7de3311258b585774c07
                                                                                                                                                                                            • Instruction Fuzzy Hash: 43119126B29B1186FB119B21F90431973A0B748BB5F0817319E9D43BA8DF3CE5868704
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strlen$malloc
                                                                                                                                                                                            • String ID: %s%c%s$\
                                                                                                                                                                                            • API String ID: 3157260142-3534329225
                                                                                                                                                                                            • Opcode ID: d29d0c8999ea75dd5e949018dc17c002143faed2992bcdbd30759a4d41fb7843
                                                                                                                                                                                            • Instruction ID: d0c969897b5a35f87c69745b3451d3a9bc0593bc9381023adeec69f8b9af8d08
                                                                                                                                                                                            • Opcode Fuzzy Hash: d29d0c8999ea75dd5e949018dc17c002143faed2992bcdbd30759a4d41fb7843
                                                                                                                                                                                            • Instruction Fuzzy Hash: DAE0D8617513444DDD15DB02BE1125DA2C49F89BD8F8C81345D4E13B68EE3CF1868744
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: abortfwrite
                                                                                                                                                                                            • String ID: '$illegal index register
                                                                                                                                                                                            • API String ID: 1067672060-451399654
                                                                                                                                                                                            • Opcode ID: b5513bfd8cfe42802b2ec78025f659bb4d839320a4c8f6a0af50cf237da25261
                                                                                                                                                                                            • Instruction ID: 211e27df0bf59bf58fe276048d2fe8f546a4cb213ce258a45231abf7bbd364a8
                                                                                                                                                                                            • Opcode Fuzzy Hash: b5513bfd8cfe42802b2ec78025f659bb4d839320a4c8f6a0af50cf237da25261
                                                                                                                                                                                            • Instruction Fuzzy Hash: C3917E73619B89C4DB128F3DE850A4C7F65E399F88B9AD112CB4D47718CA7EC856C311
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: ..\s\crypto\async\async.c$T
                                                                                                                                                                                            • API String ID: 0-2182492907
                                                                                                                                                                                            • Opcode ID: 29c537cca2420da9e8fef9fa4f26e5789a57f151610cf42d41ee414b5abf311a
                                                                                                                                                                                            • Instruction ID: f256f79c6898816f3569e75cae3d6073cdaa92215ba716699f6aab4ec2addc50
                                                                                                                                                                                            • Opcode Fuzzy Hash: 29c537cca2420da9e8fef9fa4f26e5789a57f151610cf42d41ee414b5abf311a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2A516A32F0A64386EB20AB11E420DF977A1EF45788F444035DAAD47AEDDF3DE5098B00
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • This function could not be called from the plain script, xrefs: 70A10038
                                                                                                                                                                                            • Invalid license, xrefs: 70A10017
                                                                                                                                                                                            • Internal buffer error, xrefs: 70A10067
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _time64
                                                                                                                                                                                            • String ID: Internal buffer error$Invalid license$This function could not be called from the plain script
                                                                                                                                                                                            • API String ID: 1670930206-992726897
                                                                                                                                                                                            • Opcode ID: e1ab7cfaf49cd4123e19af3f7a37b6dc203b4641975dd2cfe730abcce2f650ac
                                                                                                                                                                                            • Instruction ID: 489246572c47e82a6237a046f2aebc35bfe705fcd7f37b711a2615ceb242a141
                                                                                                                                                                                            • Opcode Fuzzy Hash: e1ab7cfaf49cd4123e19af3f7a37b6dc203b4641975dd2cfe730abcce2f650ac
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5C415C32A09A0AC1EB118B25FC9035D73A4FBD9B90F544B26C94E93778EF3CD686C201
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                            • String ID: %s%s: %s$Fatal error detected
                                                                                                                                                                                            • API String ID: 1878133881-2410924014
                                                                                                                                                                                            • Opcode ID: 69d8018c69fa0ba47995e0ce162d6b42525d4d2d5850a1053315e8c6180101b4
                                                                                                                                                                                            • Instruction ID: 13f7b861fe1da86fffa487aee00ee4e9d3fa3713969203eb2488572fcd0ec570
                                                                                                                                                                                            • Opcode Fuzzy Hash: 69d8018c69fa0ba47995e0ce162d6b42525d4d2d5850a1053315e8c6180101b4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2D31627162C6C291F620B710E8517EAA394FB89784F804035EB8D46B99DF7CD715CF60
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastsocket
                                                                                                                                                                                            • String ID: ..\s\crypto\bio\b_sock2.c$2
                                                                                                                                                                                            • API String ID: 1120909799-2051290508
                                                                                                                                                                                            • Opcode ID: 7734bc7eb848a8c2f13e03d8370f2b6d25dc2938cf9324aa6d1bac55b8e4a966
                                                                                                                                                                                            • Instruction ID: 7212ce43686b8814b7c389c5073cdf5285dec9db4628f32feeb4a84f30165d00
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7734bc7eb848a8c2f13e03d8370f2b6d25dc2938cf9324aa6d1bac55b8e4a966
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2901AD72F1955382E7119B21A4209BE72A0FB40798F504635E6BC43AEDCF3DEA158B40
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • platforms/windows/hdinfo.c, xrefs: 70A22510
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                                                                                            • String ID: platforms/windows/hdinfo.c
                                                                                                                                                                                            • API String ID: 1365068426-3843089204
                                                                                                                                                                                            • Opcode ID: 4f9c9b38fdd8cd9d3f09ca1ccca40397f05075ae435e568d50ce60769f5b7dcc
                                                                                                                                                                                            • Instruction ID: b24e149ccaeba68b22007b3c40073f7ee7d07bfa331f8808a028aa2af37cc9bd
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f9c9b38fdd8cd9d3f09ca1ccca40397f05075ae435e568d50ce60769f5b7dcc
                                                                                                                                                                                            • Instruction Fuzzy Hash: F8F06D31608E41C6E710AB11E81874BB771F3D9B85F604226EA8E43B68CF7DC24A8B40
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memset
                                                                                                                                                                                            • String ID: ..\s\crypto\sm2\sm2_crypt.c$@
                                                                                                                                                                                            • API String ID: 2221118986-485510600
                                                                                                                                                                                            • Opcode ID: 3a06754cea5eb0ec96dbe4909cc778d6bfc2c8d89a622e3802520d8f5a813973
                                                                                                                                                                                            • Instruction ID: cacec971a1cce232dffb90e9fe88bb47472c7bf897ab506c029c1471f53c5fb7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3a06754cea5eb0ec96dbe4909cc778d6bfc2c8d89a622e3802520d8f5a813973
                                                                                                                                                                                            • Instruction Fuzzy Hash: 55029172B0AA8382EB10DB16E4609BA67A0FB84BC8F544135DA9D47BF9DF3DD505CB40
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: mallocstrlen$free
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2585366504-0
                                                                                                                                                                                            • Opcode ID: 58d88c0c37228a1656931f1eb73e7fccb26075a40cc04a475957a29712ad9711
                                                                                                                                                                                            • Instruction ID: 320e233044c18f0d59fc071a806d672c8f310abb8660db1e1b5acbe002485e69
                                                                                                                                                                                            • Opcode Fuzzy Hash: 58d88c0c37228a1656931f1eb73e7fccb26075a40cc04a475957a29712ad9711
                                                                                                                                                                                            • Instruction Fuzzy Hash: CE1126527302A446D7199F32A6725BE6BE0DF8FFC8F44C025EE8B4771CEA289112C708
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                            • String ID: Operation not permitted$unknown
                                                                                                                                                                                            • API String ID: 1452528299-31098287
                                                                                                                                                                                            • Opcode ID: 3eb7fdf123b224d789d6a34ffa9101ea107b745f6317a6d8691ddf250b284916
                                                                                                                                                                                            • Instruction ID: c20d65bc212df50b98f8548f35c734622eb5273958ef1e3c35f261864f34e92a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3eb7fdf123b224d789d6a34ffa9101ea107b745f6317a6d8691ddf250b284916
                                                                                                                                                                                            • Instruction Fuzzy Hash: 11811621F1A6438AEB109B51E974B7927A1FB85788F490035DD6E876FDDF3CE4419B00
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memmove
                                                                                                                                                                                            • String ID: ..\s\crypto\ct\ct_oct.c
                                                                                                                                                                                            • API String ID: 2162964266-1972679481
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$_get_daylight
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 72036449-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB19D000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: strncmp
                                                                                                                                                                                            • String ID: content-type
                                                                                                                                                                                            • API String ID: 1114863663-3266185539
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Sleep_amsg_exit
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1015461914-0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • src/pk/asn1/der/sequence/der_decode_sequence_multi.c, xrefs: 70A330F2
                                                                                                                                                                                            • in != NULL, xrefs: 70A330F9
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: in != NULL$src/pk/asn1/der/sequence/der_decode_sequence_multi.c
                                                                                                                                                                                            • API String ID: 0-85593093
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                            • Opcode ID: 4a3e62a95b454dadb353150d352b283421c9113fe456df8e506f44dbb2775c65
                                                                                                                                                                                            • Instruction ID: 9bfebfa0ca16e7650206d6619cb319782040e89384c770732ac32cd5907cb886
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a3e62a95b454dadb353150d352b283421c9113fe456df8e506f44dbb2775c65
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8E11CA21E0C18241F758A759ED452B99291EF8B780FC85030DA4906B99CEBCD995CA31
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: mbstowcs
                                                                                                                                                                                            • String ID: Failed to convert Wflag %s using mbstowcs (invalid multibyte string)$pyi-
                                                                                                                                                                                            • API String ID: 103190477-3625900369
                                                                                                                                                                                            • Opcode ID: aed045b625ebf3905c0aff7a32b24a02301d8b5edd0b4d444675b66f29e8e204
                                                                                                                                                                                            • Instruction ID: 8a4d51e56c63a9e36e41749aa15e5487a99d6abdd3ea5b7b5bb26d3a3b334e1a
                                                                                                                                                                                            • Opcode Fuzzy Hash: aed045b625ebf3905c0aff7a32b24a02301d8b5edd0b4d444675b66f29e8e204
                                                                                                                                                                                            • Instruction Fuzzy Hash: BE516C21A0C64295FA14BB25EC252BAA291EF8EB94FC04135DB0D477E6DEFCE441CB70
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _time64
                                                                                                                                                                                            • String ID: %02d%02d%02d%02d%02d%02dZ$%04d%02d%02d%02d%02d%02dZ
                                                                                                                                                                                            • API String ID: 1670930206-2648760357
                                                                                                                                                                                            • Opcode ID: 35c0674a6fc9a5195c317095fe527ac94bcdae6bb520b7aade9e85fd0519ba43
                                                                                                                                                                                            • Instruction ID: 4189f76a364356c9fc7184726026732c64ce0ef89730dae6ac03dd4a393f9a41
                                                                                                                                                                                            • Opcode Fuzzy Hash: 35c0674a6fc9a5195c317095fe527ac94bcdae6bb520b7aade9e85fd0519ba43
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D517133F1D7828AE760CB15E45066AB7A4FB88784F544135EA9D87BADEF3CE4418B00
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: getaddrinfo
                                                                                                                                                                                            • String ID: ..\s\crypto\bio\b_addr.c
                                                                                                                                                                                            • API String ID: 300660673-2547254400
                                                                                                                                                                                            • Opcode ID: cee4118a91f4e298bb24630199019e17d2161ccb3740edd78188986782efcc03
                                                                                                                                                                                            • Instruction ID: adb1b581f273f927769568978c45bf30de061e234c5815c887928963355cb36d
                                                                                                                                                                                            • Opcode Fuzzy Hash: cee4118a91f4e298bb24630199019e17d2161ccb3740edd78188986782efcc03
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3141B6B3F1968387E751DB12A850ABA7790FB84788F004135EA9943BE9DF3CE8458B44
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: freestrrchr
                                                                                                                                                                                            • String ID: .pye
                                                                                                                                                                                            • API String ID: 4178315289-4135401513
                                                                                                                                                                                            • Opcode ID: d17273e83a67628eed136ef44bfe7f653d065c978a7cb02a0fea4f7d6472c0af
                                                                                                                                                                                            • Instruction ID: 5597bfaa514befca2eed9967239c43ecdc9d8ae8cb8aef605c12d5cd0d942339
                                                                                                                                                                                            • Opcode Fuzzy Hash: d17273e83a67628eed136ef44bfe7f653d065c978a7cb02a0fea4f7d6472c0af
                                                                                                                                                                                            • Instruction Fuzzy Hash: 20110812B1521489FF059B65BD1436D53A0AB89FD5F088530DE1E47768FE3CD8C6C304
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$ByteCharMultiWide
                                                                                                                                                                                            • String ID: Fatal error detected
                                                                                                                                                                                            • API String ID: 1878133881-4025702859
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memcpy
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3510742995-0
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858576687.00007FF7227E1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7227E0000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ff7227e0000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                            • API String ID: 3215553584-336475711
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • __iob_func.MSVCRT ref: 70A2D060
                                                                                                                                                                                            • abort.MSVCRT(?,?,?,?,CA4587E7,70A2DC6F,?,?,?,?,70A02A6C), ref: 70A2D081
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • LTC_ARGCHK '%s' failure on line %d of file %s, xrefs: 70A2D066
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __iob_funcabort
                                                                                                                                                                                            • String ID: LTC_ARGCHK '%s' failure on line %d of file %s
                                                                                                                                                                                            • API String ID: 1307436159-2823265812
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB101000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLastioctlsocket
                                                                                                                                                                                            • String ID: ..\s\crypto\bio\b_sock.c
                                                                                                                                                                                            • API String ID: 1021210092-540685895
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • memchr.VCRUNTIME140(00007FFDFB33B35B,00000000,?,00000000,00007FFDFB33A5F9), ref: 00007FFDFB33B52B
                                                                                                                                                                                            • memchr.VCRUNTIME140(00007FFDFB33B35B,00000000,?,00000000,00007FFDFB33A5F9), ref: 00007FFDFB33B573
                                                                                                                                                                                            • memchr.VCRUNTIME140(00007FFDFB33B35B,00000000,?,00000000,00007FFDFB33A5F9), ref: 00007FFDFB33B58D
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1858837755.00007FFDFB19D000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFDFB100000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_7ffdfb100000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memchr
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3297308162-0
                                                                                                                                                                                            • Opcode ID: 894b152478e49585909b4f884bd3c79ebd5a6dd4ef0c1a77e308b87e5181a23f
                                                                                                                                                                                            • Instruction ID: cd36335e06d1b4446dcc5c927d5429eb1b9fe24a3038365093b79e968769ca88
                                                                                                                                                                                            • Opcode Fuzzy Hash: 894b152478e49585909b4f884bd3c79ebd5a6dd4ef0c1a77e308b87e5181a23f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0791D569B4968283EB50AB16D4A053AA7E1FB85BC4F4C4035DF9C837FADE2DE485C701
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharMultiWide$freestrlen
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1041141762-0
                                                                                                                                                                                            • Opcode ID: ad294e4099f02295f2357813c19e238679c318336faa74baaf090b328041f331
                                                                                                                                                                                            • Instruction ID: 7657683141d96642da2e915fd1b06505071c85329e96f7a2047e7f83e377e4b7
                                                                                                                                                                                            • Opcode Fuzzy Hash: ad294e4099f02295f2357813c19e238679c318336faa74baaf090b328041f331
                                                                                                                                                                                            • Instruction Fuzzy Hash: 33F0F42270035449E725DB23BD41B1FA6D5BB8CBD8F4881389E4D43B68EE3CD5468304
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000001.00000002.1848506816.0000000070A01000.00000020.00000001.01000000.00000016.sdmp, Offset: 70A00000, based on PE: true
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_1_2_70a00000_file.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CriticalSection$EnterLeavefree
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4020351045-0
                                                                                                                                                                                            • Opcode ID: 53514f2576c33a93f94888c7a190621c108a357db63a2f10436ba914c2f820f4
                                                                                                                                                                                            • Instruction ID: a1537baa55c5f4dddb1b342b8b21c7a8725dbea1ab280a00a165f08c7997eb80
                                                                                                                                                                                            • Opcode Fuzzy Hash: 53514f2576c33a93f94888c7a190621c108a357db63a2f10436ba914c2f820f4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 22011E71B29701C6EF09CB75E99131933F1B798B90F904625C91E87328EB7CEA428304