Windows Analysis Report
rvigVjH6wf.exe

Overview

General Information

Sample name: rvigVjH6wf.exe (renamed because original name is a hash value)
Original sample name: b11f05236edbf4da040010b62b4c16cd4c7c0c3e6218bcd29170922973b94099.exe
Analysis ID: 1577184
MD5: f80d7f221e494eddecbce2a160890733
SHA1: 070e5a6c99c70b67e73f24d3acbb78043038197c
SHA256: b11f05236edbf4da040010b62b4c16cd4c7c0c3e6218bcd29170922973b94099
Tags: 130-193-51-109, exe, user-JAMESWT_MHT

Detection

Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for submitted file
Found pyInstaller with non standard icon
Uses known network protocols on non-standard ports
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • rvigVjH6wf.exe (PID: 2996 cmdline: "C:\Users\user\Desktop\rvigVjH6wf.exe" MD5: F80D7F221E494EDDECBCE2A160890733)
    • rvigVjH6wf.exe (PID: 4908 cmdline: "C:\Users\user\Desktop\rvigVjH6wf.exe" MD5: F80D7F221E494EDDECBCE2A160890733)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: rvigVjH6wf.exe, Virustotal: Detection: 36%
Source: rvigVjH6wf.exe, ReversingLabs: Detection: 36%
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1992 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_strdup,OPENSSL_LH_new,X509_STORE_new,CTLOG_STORE_new_ex,OPENSSL_sk_num,X509_VERIFY_PARAM_new,OPENSSL_sk_new_null,OPENSSL_sk_new_null,CRYPTO_new_ex_data,CRYPTO_secure_zalloc,RAND_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,RAND_priv_bytes_ex,ERR_new,ERR_set_debug,1_2_00007FFE012F1992
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1997 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_decapsulate,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,1_2_00007FFE012F1997
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012FD2E1 CRYPTO_free,1_2_00007FFE012FD2E1
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F144C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_MD_CTX_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,memcpy,1_2_00007FFE012F144C
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE013412E0 ERR_new,ERR_set_debug,EVP_PKEY_get1_encoded_public_key,CRYPTO_free,ERR_new,ERR_set_debug,EVP_PKEY_free,CRYPTO_free,1_2_00007FFE013412E0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0133D2F0 RAND_bytes_ex,CRYPTO_malloc,memset,1_2_00007FFE0133D2F0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1ED8 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_find,CRYPTO_free,ERR_new,ERR_set_debug,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE012F1ED8
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012FF540 EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_derive_set_peer,EVP_PKEY_is_a,CRYPTO_malloc,ERR_new,ERR_set_debug,EVP_PKEY_derive,ERR_new,ERR_new,ERR_set_debug,CRYPTO_clear_free,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,1_2_00007FFE012FF540
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01365540 CRYPTO_memcmp,1_2_00007FFE01365540
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE013335E0 CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,OPENSSL_cleanse,CRYPTO_free,CRYPTO_free,1_2_00007FFE013335E0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0133F490 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE0133F490
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F193D CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE012F193D
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1023 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,1_2_00007FFE012F1023
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01323460 CRYPTO_malloc,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,memset,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,ERR_set_debug,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,CRYPTO_strdup,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,OSSL_PARAM_locate_const,OSSL_PARAM_get_uint,ERR_new,OSSL_PARAM_locate_const,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,OSSL_PARAM_locate_const,OSSL_PARAM_get_int,ERR_set_mark,EVP_KEYMGMT_free,ERR_pop_to_mark,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE01323460
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE013014E0 CRYPTO_free,CRYPTO_strndup,1_2_00007FFE013014E0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F12CB CRYPTO_THREAD_run_once,1_2_00007FFE012F12CB
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1582 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFE012F1582
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01369790 EVP_PKEY_CTX_new_from_pkey,ERR_new,ERR_set_debug,EVP_PKEY_decrypt_init,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_clear_error,ASN1_item_d2i,ASN1_TYPE_get,ERR_new,ERR_set_debug,EVP_PKEY_decrypt,ERR_new,EVP_PKEY_CTX_ctrl,ERR_new,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,ASN1_item_free,1_2_00007FFE01369790
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE013097B0 CRYPTO_free,CRYPTO_strdup,1_2_00007FFE013097B0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0131D750 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,_time64,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_new_ex_data,CRYPTO_THREAD_lock_free,CRYPTO_free,1_2_00007FFE0131D750
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F108C ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFE012F108C
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01347770 CRYPTO_memdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE01347770
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012FF7F0 ERR_new,ERR_set_debug,EVP_PKEY_CTX_new_from_pkey,CRYPTO_malloc,CRYPTO_malloc,EVP_PKEY_encapsulate,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,CRYPTO_free,EVP_PKEY_CTX_free,1_2_00007FFE012FF7F0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F19E7 CRYPTO_free,1_2_00007FFE012F19E7
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F162C EVP_MD_CTX_new,ERR_new,ERR_set_debug,ERR_new,EVP_MD_get0_name,EVP_DigestSignInit_ex,ERR_new,ERR_set_debug,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_DigestSignUpdate,EVP_DigestSignFinal,CRYPTO_malloc,EVP_DigestSignFinal,ERR_new,ERR_new,EVP_DigestSign,ERR_new,CRYPTO_malloc,EVP_DigestSign,BUF_reverse,ERR_new,CRYPTO_free,EVP_MD_CTX_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,EVP_MD_CTX_free,1_2_00007FFE012F162C
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01367820 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcmp,ERR_new,ERR_new,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memcmp,ERR_new,ERR_set_debug,ERR_new,OPENSSL_sk_free,OPENSSL_sk_dup,OPENSSL_sk_free,OPENSSL_sk_dup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_num,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_free,ERR_new,OPENSSL_sk_free,OPENSSL_sk_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE01367820
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F11DB EVP_PKEY_free,X509_free,EVP_PKEY_free,OPENSSL_sk_pop_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,X509_STORE_free,X509_STORE_free,CRYPTO_free,CRYPTO_THREAD_lock_free,CRYPTO_free,1_2_00007FFE012F11DB
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F2522 CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE012F2522
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1646 EVP_MD_CTX_new,ERR_new,ERR_set_debug,X509_get0_pubkey,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_PKEY_get_id,EVP_MD_get0_name,EVP_DigestVerifyInit_ex,ERR_new,ERR_set_debug,CRYPTO_malloc,ERR_new,ERR_set_debug,BUF_reverse,EVP_PKEY_CTX_set_rsa_padding,EVP_PKEY_CTX_set_rsa_pss_saltlen,ERR_new,EVP_MD_CTX_ctrl,ERR_new,ERR_set_debug,ERR_new,EVP_DigestVerify,ERR_new,ERR_new,ERR_new,ERR_set_debug,BIO_free,EVP_MD_CTX_free,CRYPTO_free,1_2_00007FFE012F1646
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0134F660 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE0134F660
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F25D6 CRYPTO_malloc,ERR_new,ERR_set_debug,memcpy,ERR_new,ERR_set_debug,1_2_00007FFE012F25D6
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1087 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_run_once,CRYPTO_THREAD_run_once,1_2_00007FFE012F1087
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F176C CRYPTO_malloc,CRYPTO_THREAD_lock_new,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_up_ref,X509_chain_up_ref,CRYPTO_strdup,CRYPTO_strdup,CRYPTO_dup_ex_data,CRYPTO_strdup,CRYPTO_memdup,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_memdup,1_2_00007FFE012F176C
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01307730 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE01307730
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F107D CRYPTO_free,1_2_00007FFE012F107D
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1D84 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE012F1D84
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01307980 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_malloc,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,strncmp,CRYPTO_free,CRYPTO_free,OPENSSL_sk_new_null,CRYPTO_free,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_push,OPENSSL_sk_delete,OPENSSL_sk_num,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_free,CRYPTO_free,OPENSSL_sk_free,1_2_00007FFE01307980
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F271B CRYPTO_free,CRYPTO_strdup,1_2_00007FFE012F271B
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F204A CRYPTO_free,CRYPTO_malloc,ERR_new,RAND_bytes_ex,ERR_new,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE012F204A
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1A16 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFE012F1A16
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01305A10 OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,1_2_00007FFE01305A10
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE013159F0 CRYPTO_free,CRYPTO_free,1_2_00007FFE013159F0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F586A BIO_get_data,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_clear_flags,BIO_get_data,BIO_set_shutdown,BIO_push,BIO_set_next,BIO_up_ref,BIO_set_init,1_2_00007FFE012F586A
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE013538A0 EVP_MD_CTX_new,EVP_DigestInit,EVP_DigestUpdate,EVP_DigestUpdate,EVP_DigestFinal_ex,EVP_MD_CTX_free,CRYPTO_malloc,EVP_PKEY_CTX_ctrl,EVP_PKEY_encrypt,EVP_PKEY_CTX_free,ERR_new,ERR_set_debug,EVP_PKEY_CTX_free,CRYPTO_clear_free,ERR_new,ERR_set_debug,1_2_00007FFE013538A0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1846 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,CRYPTO_memcmp,ERR_new,ERR_set_debug,OPENSSL_sk_push,OPENSSL_sk_num,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,OPENSSL_sk_value,X509_get0_pubkey,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_shift,OPENSSL_sk_pop_free,ERR_new,ERR_set_debug,1_2_00007FFE012F1846
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01359850 ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE01359850
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01315870 CRYPTO_zalloc,CRYPTO_zalloc,OBJ_nid2sn,EVP_get_digestbyname,OBJ_nid2sn,EVP_get_digestbyname,CRYPTO_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE01315870
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F2590 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE012F2590
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1B18 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,OPENSSL_cleanse,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,CRYPTO_memcmp,ERR_new,ERR_new,1_2_00007FFE012F1B18
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1B31 CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE012F1B31
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0134F8F0 CRYPTO_free,CRYPTO_strndup,1_2_00007FFE0134F8F0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0133DB60 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,CRYPTO_free,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE0133DB60
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0135BB70 CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,CRYPTO_free,memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE0135BB70
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F150F OPENSSL_sk_num,OPENSSL_sk_num,OPENSSL_sk_new_reserve,ERR_new,ERR_set_debug,ERR_set_error,OPENSSL_sk_value,X509_VERIFY_PARAM_get_depth,CRYPTO_dup_ex_data,X509_VERIFY_PARAM_inherit,OPENSSL_sk_dup,OPENSSL_sk_dup,1_2_00007FFE012F150F
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1361 CRYPTO_malloc,EVP_PKEY_set_type,EVP_PKEY_CTX_new_from_pkey,EVP_PKEY_CTX_free,ERR_pop_to_mark,CRYPTO_free,EVP_PKEY_free,1_2_00007FFE012F1361
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F222A ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_clear_free,1_2_00007FFE012F222A
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F267B CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFE012F267B
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F23E7 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE012F23E7
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1CEE CRYPTO_malloc,memset,memcpy,memcpy,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,CRYPTO_clear_free,OPENSSL_cleanse,1_2_00007FFE012F1CEE
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1C53 CRYPTO_free,CRYPTO_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,BN_free,1_2_00007FFE012F1C53
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01347A40 CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE01347A40
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01355B10 EVP_CIPHER_CTX_free,CRYPTO_free,ERR_new,ERR_set_debug,CRYPTO_free,1_2_00007FFE01355B10
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01303B30 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_THREAD_lock_new,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,1_2_00007FFE01303B30
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F23EC CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_free,CRYPTO_free,1_2_00007FFE012F23EC
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F13D9 OPENSSL_sk_new_null,ERR_new,ERR_set_debug,X509_new_ex,d2i_X509,CRYPTO_free,OPENSSL_sk_push,CRYPTO_free,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_new,ERR_set_debug,X509_free,OPENSSL_sk_pop_free,1_2_00007FFE012F13D9
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01315AE0 ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_realloc,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE01315AE0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01305B10 COMP_zlib,OPENSSL_sk_new,COMP_get_type,CRYPTO_malloc,COMP_get_name,OPENSSL_sk_push,CRYPTO_free,OPENSSL_sk_sort,1_2_00007FFE01305B10
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0133DAF0 CRYPTO_free,1_2_00007FFE0133DAF0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F15E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_set_error,memcpy,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,memcpy,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE012F15E6
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01305D80 CRYPTO_THREAD_run_once,1_2_00007FFE01305D80
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1CE9 memcpy,CRYPTO_free,CRYPTO_free,CRYPTO_free,1_2_00007FFE012F1CE9
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F5C53 CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,BIO_set_init,BIO_set_data,BIO_clear_flags,1_2_00007FFE012F5C53
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1F50 CRYPTO_THREAD_write_lock,CRYPTO_THREAD_unlock,1_2_00007FFE012F1F50
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01353D30 ERR_new,ERR_set_debug,memset,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_memdup,CRYPTO_strdup,CRYPTO_free,CRYPTO_free,ERR_new,ERR_new,ERR_set_debug,OPENSSL_cleanse,OPENSSL_cleanse,CRYPTO_clear_free,CRYPTO_clear_free,1_2_00007FFE01353D30
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1CBC EVP_MD_get_size,ERR_new,ERR_set_debug,RAND_bytes_ex,ERR_new,ERR_set_debug,_time64,CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE012F1CBC
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F19DD BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,BN_dup,BN_copy,BN_free,CRYPTO_free,CRYPTO_strdup,1_2_00007FFE012F19DD
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01347CD0 CRYPTO_memcmp,1_2_00007FFE01347CD0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1F37 CRYPTO_malloc,ERR_new,ERR_set_debug,1_2_00007FFE012F1F37
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01315CF0 ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_zalloc,ERR_new,ERR_set_debug,ERR_set_error,CRYPTO_malloc,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,memcpy,OPENSSL_sk_num,OPENSSL_sk_value,OPENSSL_sk_insert,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,EVP_PKEY_free,EVP_PKEY_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,d2i_X509,X509_get0_pubkey,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,X509_free,OPENSSL_sk_new_null,OPENSSL_sk_push,ERR_new,ERR_set_debug,ERR_set_error,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,X509_free,CRYPTO_free,EVP_PKEY_free,CRYPTO_free,ERR_new,ERR_set_debug,ERR_set_error,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE01315CF0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1D8E EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,EVP_CIPHER_CTX_free,CRYPTO_zalloc,EVP_MAC_CTX_free,EVP_MAC_free,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_fetch,EVP_MAC_CTX_new,EVP_MAC_free,EVP_CIPHER_CTX_new,EVP_CIPHER_fetch,OSSL_PARAM_construct_utf8_string,OSSL_PARAM_construct_end,EVP_MAC_init,EVP_DecryptInit_ex,EVP_CIPHER_free,EVP_CIPHER_free,EVP_CIPHER_free,EVP_MAC_CTX_get_mac_size,EVP_CIPHER_CTX_get_iv_length,EVP_MAC_final,CRYPTO_memcmp,CRYPTO_malloc,CRYPTO_free,CRYPTO_free,memcpy,ERR_clear_error,CRYPTO_free,EVP_CIPHER_CTX_free,EVP_MAC_CTX_free,CRYPTO_free,1_2_00007FFE012F1D8E
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F2027 CRYPTO_free,1_2_00007FFE012F2027
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1AC3 CRYPTO_THREAD_read_lock,CRYPTO_THREAD_unlock,1_2_00007FFE012F1AC3
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012FDFB2 ERR_set_debug,CRYPTO_free,CRYPTO_strdup,ERR_new,1_2_00007FFE012FDFB2
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F1EDD CRYPTO_free,CRYPTO_strndup,CRYPTO_free,OPENSSL_cleanse,_time64,memcpy,EVP_MD_get0_name,EVP_MD_is_a,ERR_new,ERR_set_debug,OPENSSL_cleanse,ERR_new,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_new,EVP_MD_get_size,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE012F1EDD
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01361F70 CRYPTO_memcmp,1_2_00007FFE01361F70
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01324000 CRYPTO_realloc,memcpy,ERR_new,ERR_set_debug,ERR_set_error,1_2_00007FFE01324000
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F103C CRYPTO_malloc,COMP_expand_block,1_2_00007FFE012F103C
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F24E6 CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,1_2_00007FFE012F24E6
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F3EB0 CRYPTO_free,1_2_00007FFE012F3EB0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F16A4 CRYPTO_free,CRYPTO_malloc,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE012F16A4
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01311E60 memcpy,CRYPTO_THREAD_read_lock,OPENSSL_LH_retrieve,CRYPTO_THREAD_unlock,1_2_00007FFE01311E60
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F5E80 BIO_get_data,BIO_get_shutdown,BIO_get_init,BIO_clear_flags,BIO_set_init,CRYPTO_free,1_2_00007FFE012F5E80
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01369F10 ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_strndup,ERR_new,ERR_set_debug,ERR_new,ERR_new,ERR_set_debug,CRYPTO_free,CRYPTO_memdup,OPENSSL_cleanse,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE01369F10
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012F236F CRYPTO_free,CRYPTO_memdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE012F236F
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE012FDEC0 CRYPTO_free,CRYPTO_strdup,ERR_new,ERR_set_debug,ERR_new,ERR_set_debug,1_2_00007FFE012FDEC0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0130BEC0 CRYPTO_free,CRYPTO_memdup,1_2_00007FFE0130BEC0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0EC44F20 i2d_X509,PyBytes_FromStringAndSize,CRYPTO_free,1_2_00007FFE0EC44F20
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE0EC451D4 ASN1_STRING_type,ASN1_STRING_length,ASN1_STRING_get0_data,_Py_BuildValue_SizeT,ASN1_STRING_to_UTF8,_Py_Dealloc,_Py_BuildValue_SizeT,CRYPTO_free,1_2_00007FFE0EC451D4
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE11EA18E0 _Py_NoneStruct,_PyArg_UnpackKeywords,PyObject_GetBuffer,PyBuffer_IsContiguous,PyObject_GetBuffer,PyBuffer_IsContiguous,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,PyLong_AsUnsignedLong,EVP_PBE_scrypt,PyBytes_FromStringAndSize,PyEval_SaveThread,EVP_PBE_scrypt,PyEval_RestoreThread,PyExc_ValueError,PyErr_SetString,PyBuffer_Release,PyBuffer_Release,PyLong_AsLong,PyErr_Occurred,PyLong_AsLong,PyErr_Occurred,PyExc_ValueError,PyExc_ValueError,PyErr_Format,_PyArg_BadArgument,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,PyErr_Occurred,PyExc_TypeError,_PyArg_BadArgument,_PyArg_BadArgument,PyExc_OverflowError,PyExc_OverflowError,_Py_Dealloc,PyExc_ValueError,1_2_00007FFE11EA18E0
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE11EA6244 CRYPTO_memcmp,1_2_00007FFE11EA6244
Source: C:\Users\user\Desktop\rvigVjH6wf.exe File created: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt
Source: rvigVjH6wf.exe Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: rvigVjH6wf.exe, 00000001.00000002.3074644206.00007FFDFB464000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: rvigVjH6wf.exe, 00000001.00000002.3073840141.00007FFDFAFA1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: rvigVjH6wf.exe, 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: rvigVjH6wf.exe, 00000000.00000003.1807688188.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3084847239.00007FFE1A463000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: rvigVjH6wf.exe, 00000001.00000002.3073840141.00007FFDFAF09000.00000002.00000001.01000000.00000011.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: rvigVjH6wf.exe, 00000000.00000003.1807688188.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3084847239.00007FFE1A463000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: rvigVjH6wf.exe, 00000001.00000002.3073840141.00007FFDFAFA1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3084092236.00007FFE14633000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: rvigVjH6wf.exe, 00000001.00000002.3084619082.00007FFE148E1000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083133668.00007FFE11EA7000.00000002.00000001.01000000.00000010.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083247624.00007FFE11EDC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: rvigVjH6wf.exe, 00000001.00000002.3077715316.00007FFE10252000.00000002.00000001.01000000.0000000E.sdmp, pyexpat.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083473519.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083247624.00007FFE11EDC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083891326.00007FFE1338D000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083603535.00007FFE130C4000.00000002.00000001.01000000.0000000D.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083753215.00007FFE13209000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083603535.00007FFE130C4000.00000002.00000001.01000000.0000000D.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3070426205.0000020001200000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: rvigVjH6wf.exe, 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: rvigVjH6wf.exe, 00000001.00000002.3077196765.00007FFE0EC4D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89C92F0 FindFirstFileExW,FindClose,0_2_00007FF6B89C92F0
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89C83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF6B89C83B0
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89E18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF6B89E18E4
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89C92F0 FindFirstFileExW,FindClose,1_2_00007FF6B89C92F0
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89C83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,1_2_00007FF6B89C83B0
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89E18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,1_2_00007FF6B89E18E4

Networking

Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 3000
Source: global traffic TCP traffic: 192.168.2.4:49731 -> 130.193.51.109:3000
Source: unknown TCP traffic detected without corresponding DNS query: 130.193.51.109
Source: unknown HTTP traffic detected:
POST /receive_info HTTP/1.1
Host: 130.193.51.109:3000
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 177
Content-Type: application/json
Source: rvigVjH6wf.exe, 00000001.00000002.3072632014.0000020003F00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: rvigVjH6wf.exe, 00000001.00000002.3072743878.00000200041A8000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://130.193.51.109:3000/receive_info
Source: rvigVjH6wf.exe, 00000001.00000002.3071029723.00000200030C0000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF582000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816345240.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 
00000000.00000003.1819391155.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816345240.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1819391155.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 
00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816345240.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1819391155.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 
00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF582000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816345240.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 
00000000.00000003.1819391155.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: rvigVjH6wf.exe, 00000001.00000003.1843925921.0000020003686000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1845361070.0000020003683000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: rvigVjH6wf.exe, 00000001.00000003.1843786744.0000020003709000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1847010545.0000020003201000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1845946961.00000200031FD000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.00000200031AD000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1843786744.0000020003748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3073003529.0000020004203000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.00000200031AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: rvigVjH6wf.exe, 00000001.00000002.3070769596.0000020002C80000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000381B000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3073003529.0000020004203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: rvigVjH6wf.exe, 00000001.00000002.3071029723.00000200031AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: rvigVjH6wf.exe, 00000001.00000002.3073003529.0000020004203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: rvigVjH6wf.exe, 00000001.00000002.3073003529.0000020004203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: rvigVjH6wf.exe, 00000001.00000002.3073003529.0000020004203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF582000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816345240.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 
00000000.00000003.1819391155.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816345240.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1819391155.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 
00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816345240.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1819391155.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 
00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.cr
Source: _asyncio.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1814726647.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1816345240.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1819391155.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 
00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: rvigVjH6wf.exe, 00000001.00000002.3071029723.00000200030C0000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: rvigVjH6wf.exe, 00000001.00000002.3072487800.0000020003CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: rvigVjH6wf.exe, 00000001.00000002.3072487800.0000020003CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/All
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: rvigVjH6wf.exe, 00000001.00000002.3072414827.0000020003BC0000.00000004.00001000.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3072487800.0000020003CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: rvigVjH6wf.exe, 00000001.00000002.3071347853.00000200033C0000.00000004.00001000.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1842059718.00000200031F5000.00000004.00000020.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: rvigVjH6wf.exe, 00000001.00000002.3074644206.00007FFDFB464000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: rvigVjH6wf.exe, 00000001.00000002.3072560333.0000020003DC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
Source: rvigVjH6wf.exe, 00000001.00000002.3072487800.0000020003CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
Source: rvigVjH6wf.exe, 00000000.00000003.1810786566.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/cryptography/
Source: rvigVjH6wf.exe, 00000000.00000003.1828163769.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://pypi.org/project/importlib_metadata
Source: rvigVjH6wf.exe, 00000000.00000003.1834506245.0000025CAF578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/setuptools/
Source: rvigVjH6wf.exe, 00000000.00000003.1810786566.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: rvigVjH6wf.exe, 00000000.00000003.1828163769.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: rvigVjH6wf.exe, 00000001.00000002.3072248171.00000200039C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: rvigVjH6wf.exe, 00000001.00000002.3072743878.0000020004124000.00000004.00001000.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.0000020003228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: rvigVjH6wf.exe, 00000001.00000002.3072743878.0000020004124000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.ioe
Source: rvigVjH6wf.exe, 00000001.00000002.3072487800.0000020003CC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: rvigVjH6wf.exe, 00000001.00000003.1840667786.00000200031E3000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1840926416.00000200031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: rvigVjH6wf.exe, 00000001.00000003.1842754140.00000200030EE000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1840667786.00000200031D7000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1840667786.00000200031E3000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.00000200030C0000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1840926416.00000200031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: rvigVjH6wf.exe, 00000001.00000002.3071266451.00000200032C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: rvigVjH6wf.exe, 00000001.00000003.1840667786.00000200031E3000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1840614084.000002000323E000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1840926416.00000200031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:
Source: rvigVjH6wf.exe, 00000001.00000003.1840667786.00000200031E3000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1840614084.000002000323E000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1840926416.00000200031E7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr:r;Nr
Source: rvigVjH6wf.exe, 00000000.00000003.1828163769.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: rvigVjH6wf.exe, 00000001.00000002.3071029723.00000200030C0000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: rvigVjH6wf.exe, 00000001.00000003.1845946961.0000020003228000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1845361070.000002000363C000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.0000020003228000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1847117826.0000020003232000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: rvigVjH6wf.exe, 00000001.00000002.3070769596.0000020002C80000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: rvigVjH6wf.exe, 00000001.00000002.3072632014.0000020003F00000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: rvigVjH6wf.exe, 00000001.00000002.3072560333.0000020003DC0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: rvigVjH6wf.exe, 00000000.00000003.1834506245.0000025CAF578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wheel.readthedocs.io/
Source: rvigVjH6wf.exe, 00000000.00000003.1834506245.0000025CAF578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wheel.readthedocs.io/en/stable/news.html
Source: rvigVjH6wf.exe, 00000001.00000003.1843786744.0000020003709000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1845361070.0000020003769000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1846249136.00000200036E7000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1843786744.0000020003748000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: rvigVjH6wf.exe, 00000000.00000003.1811173558.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/
Source: rvigVjH6wf.exe, 00000000.00000003.1811173558.0000025CAF583000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1811243842.0000025CAF584000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000000.00000003.1811173558.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp, rvigVjH6wf.exe, 00000001.00000002.3074211297.00007FFDFB04A000.00000002.00000001.01000000.00000011.sdmpString found in binary or memory: https://www.openssl.org/H
Source: rvigVjH6wf.exe, 00000001.00000002.3071029723.0000020003228000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: rvigVjH6wf.exe, 00000001.00000003.1845946961.0000020003228000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.0000020003228000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1847117826.0000020003232000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1846941430.0000020003623000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: rvigVjH6wf.exe, 00000000.00000003.1834506245.0000025CAF578000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/dev/peps/pep-0427/
Source: rvigVjH6wf.exe, 00000001.00000002.3070639753.0000020002B80000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: rvigVjH6wf.exe, 00000001.00000002.3075059220.00007FFDFB5DC000.00000008.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: rvigVjH6wf.exe, 00000001.00000002.3074644206.00007FFDFB464000.00000002.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: rvigVjH6wf.exe, 00000001.00000002.3073003529.0000020004203000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.00000200031AD000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3072117092.0000020003968000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unicodedata.pyd.0.dr; Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: _overlapped.pyd.0.dr; Static PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.0.dr; Static PE information: No import functions for PE file found
Source: rvigVjH6wf.exe, 00000000.00000003.1807688188.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1808188332.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1816577308.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1808345880.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1809117635.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000000.00000003.1817233328.0000025CAF576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exeBinary or memory string: OriginalFilename vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3075474604.00007FFDFB705000.00000002.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenamelibsslH vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3077264205.00007FFE0EC69000.00000002.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3084919929.00007FFE1A469000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3083655428.00007FFE130C7000.00000002.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3083322231.00007FFE11EE5000.00000002.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3083805551.00007FFE13213000.00000002.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3083942793.00007FFE13392000.00000002.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3084687834.00007FFE148EE000.00000002.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3078295161.00007FFE1025D000.00000002.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3084266011.00007FFE14636000.00000002.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3074211297.00007FFDFB04A000.00000002.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3070426205.0000020001200000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3083176955.00007FFE11EAE000.00000002.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs rvigVjH6wf.exe
Source: rvigVjH6wf.exe, 00000001.00000002.3083524050.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs rvigVjH6wf.exe
Source: classification engineClassification label: mal56.troj.winEXE@3/89@0/1
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962Jump to behavior
Source: rvigVjH6wf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\rvigVjH6wf.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: rvigVjH6wf.exeVirustotal: Detection: 36%
Source: rvigVjH6wf.exeReversingLabs: Detection: 36%
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile read: C:\Users\user\Desktop\rvigVjH6wf.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\rvigVjH6wf.exe "C:\Users\user\Desktop\rvigVjH6wf.exe"
Source: C:\Users\user\Desktop\rvigVjH6wf.exeProcess created: C:\Users\user\Desktop\rvigVjH6wf.exe "C:\Users\user\Desktop\rvigVjH6wf.exe"
Source: C:\Users\user\Desktop\rvigVjH6wf.exeProcess created: C:\Users\user\Desktop\rvigVjH6wf.exe "C:\Users\user\Desktop\rvigVjH6wf.exe"Jump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: libffi-8.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: libssl-3.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeSection loaded: wintypes.dllJump to behavior
Source: rvigVjH6wf.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: rvigVjH6wf.exeStatic file information: File size 15923171 > 1048576
Source: rvigVjH6wf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: rvigVjH6wf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: rvigVjH6wf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: rvigVjH6wf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: rvigVjH6wf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: rvigVjH6wf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: rvigVjH6wf.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: rvigVjH6wf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: rvigVjH6wf.exe, 00000001.00000002.3074644206.00007FFDFB464000.00000002.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: rvigVjH6wf.exe, 00000000.00000003.1835603002.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
Source: Binary string: D:\a\1\b\libcrypto-3.pdb| source: rvigVjH6wf.exe, 00000001.00000002.3073840141.00007FFDFAFA1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbDD source: rvigVjH6wf.exe, 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_overlapped.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808842560.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: rvigVjH6wf.exe, 00000000.00000003.1807688188.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3084847239.00007FFE1A463000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: rvigVjH6wf.exe, 00000001.00000002.3073840141.00007FFDFAF09000.00000002.00000001.01000000.00000011.sdmp, libcrypto-3.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: rvigVjH6wf.exe, 00000000.00000003.1807688188.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3084847239.00007FFE1A463000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\1\b\libcrypto-3.pdb source: rvigVjH6wf.exe, 00000001.00000002.3073840141.00007FFDFAFA1000.00000002.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_multiprocessing.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808762450.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, _multiprocessing.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: rvigVjH6wf.exe, 00000000.00000003.1826281291.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3084092236.00007FFE14633000.00000002.00000001.01000000.0000000C.sdmp, select.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: rvigVjH6wf.exe, 00000001.00000002.3084619082.00007FFE148E1000.00000002.00000001.01000000.00000007.sdmp, _ctypes.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808513749.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083133668.00007FFE11EA7000.00000002.00000001.01000000.00000010.sdmp, _hashlib.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_decimal.pdb$$ source: _decimal.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083247624.00007FFE11EDC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_asyncio.pdb source: rvigVjH6wf.exe, 00000000.00000003.1807822295.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, _asyncio.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: rvigVjH6wf.exe, 00000001.00000002.3077715316.00007FFE10252000.00000002.00000001.01000000.0000000E.sdmp, pyexpat.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808928734.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083473519.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: rvigVjH6wf.exe, 00000000.00000003.1808630149.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083247624.00007FFE11EDC000.00000002.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: rvigVjH6wf.exe, 00000000.00000003.1807928362.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083891326.00007FFE1338D000.00000002.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083603535.00007FFE130C4000.00000002.00000001.01000000.0000000D.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: rvigVjH6wf.exe, 00000000.00000003.1809001178.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083753215.00007FFE13209000.00000002.00000001.01000000.0000000B.sdmp, _socket.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: rvigVjH6wf.exe, 00000000.00000003.1809244163.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3083603535.00007FFE130C4000.00000002.00000001.01000000.0000000D.sdmp, _wmi.pyd.0.dr
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: rvigVjH6wf.exe, 00000000.00000003.1818720260.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3070426205.0000020001200000.00000002.00000001.01000000.00000006.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdb source: rvigVjH6wf.exe, 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: rvigVjH6wf.exe, 00000001.00000002.3077196765.00007FFE0EC4D000.00000002.00000001.01000000.00000012.sdmp, _ssl.pyd.0.dr
Source: rvigVjH6wf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: rvigVjH6wf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: rvigVjH6wf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: rvigVjH6wf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: rvigVjH6wf.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: fothk
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libcrypto-3.dll.0.drStatic PE information: section name: .00cfg
Source: libssl-3.dll.0.drStatic PE information: section name: .00cfg
Source: python312.dll.0.drStatic PE information: section name: PyRuntim
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE01314021 push rcx; ret 1_2_00007FFE01314022
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 1_2_00007FFE11ECD3E8 push rbp; iretd 1_2_00007FFE11ECD3ED

Persistence and Installation Behavior

Source: C:\Users\user\Desktop\rvigVjH6wf.exeProcess created: "C:\Users\user\Desktop\rvigVjH6wf.exe"
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_curve25519.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_curve448.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\select.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\rvigVjH6wf.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior

Hooking and other Techniques for Hiding and Protection

Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 3000
Source: C:\Users\user\Desktop\rvigVjH6wf.exeCode function: 0_2_00007FF6B89C76B0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF6B89C76B0
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_Salsa20.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ed25519.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_curve25519.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_wmi.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\charset_normalizer\md.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_RIPEMD160.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA384.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Util\_cpuid_c.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_decimal.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ecb.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ofb.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography\hazmat\bindings\_rust.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ctr.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cfb.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_ssl.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_poly1305.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_aes.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_cffi_backend.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD2.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_lzma.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_keccak.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\python3.dll
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_BLAKE2s.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_BLAKE2b.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_curve448.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD4.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_chacha20.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_eksblowfish.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_hashlib.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_bz2.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ed448.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD5.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA256.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Util\_strxor.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_asyncio.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA1.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_aesni.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ocb.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\charset_normalizer\md__mypyc.cp312-win_amd64.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_pkcs1_decode.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_des.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\unicodedata.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\pyexpat.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_blowfish.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_ctypes.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Math\_modexp.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_queue.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_ARC4.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_ghash_clmul.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\select.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_arc2.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ec_ws.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA224.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cbc.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_overlapped.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_multiprocessing.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cast.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\_socket.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_ghash_portable.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_des3.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\python312.dll
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Protocol\_scrypt.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA512.pyd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Check user administrative privileges: GetTokenInformation,DecisionNodes graph_0-17369
Source: C:\Users\user\Desktop\rvigVjH6wf.exe API coverage: 0.7 %
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89C92F0 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89C83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89E18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89C92F0 FindFirstFileExW,FindClose
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89C83B0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89E18E4 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose
Source: rvigVjH6wf.exe, 00000000.00000003.1809769017.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.dr Binary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: rvigVjH6wf.exe, 00000001.00000003.1842168813.0000020002CC5000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3070769596.0000020002CC5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: cacert.pem.0.dr Binary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89CD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89E34F0 GetProcessHeap
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89CD37C SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89DA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89CC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89CD19C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89CD37C SetUnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89DA684 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FF6B89CC910 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFDFF193068 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFDFF192AA0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE012F2126 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0E1742E0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0E174898 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EB41420 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EB419E0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EB51390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EB51960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EB61390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EB61960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EBD1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EBD1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EBE1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EBE1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EBF1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EBF1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC01390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC01960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC11390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC11960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC21390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC21960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC31390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC31960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC430E8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE0EC426A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE101D1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE101D1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE1023FA30 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE1023FFF8 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE10301960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE10301390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE10311390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE10311960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11071960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11071390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11501390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11501960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE117E1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE117E1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11BB1390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11BB1960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11EA4090 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11EA4660 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11ED3CE0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE11ED3710 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE12221960 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE12221390 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE12E114F0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE12E11AC0 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 1_2_00007FFE130C30AC IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Process created: C:\Users\user\Desktop\rvigVjH6wf.exe "C:\Users\user\Desktop\rvigVjH6wf.exe"
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89E95E0 cpuid
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Util VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography-44.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography-44.0.0.dist-info\licenses VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\base_library.zip VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\_ctypes.pyd VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\_bz2.pyd VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\_lzma.pyd VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\_socket.pyd VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\select.pyd VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\_wmi.pyd VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\pyexpat.pyd VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor\jaraco VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Queries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\_queue.pyd VolumeInformation
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Util VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Protocol VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI29962\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exeQueries volume information: C:\Users\user\Desktop\rvigVjH6wf.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89CD080 GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, 0_2_00007FF6B89CD080
Source: C:\Users\user\Desktop\rvigVjH6wf.exe Code function: 0_2_00007FF6B89E5C70 _get_daylight, _get_daylight, _get_daylight, _get_daylight, _get_daylight, GetTimeZoneInformation, 0_2_00007FF6B89E5C70

| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 11 Process Injection | 11 Process Injection | OS Credential Dumping | 2 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 21 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 2 Obfuscated Files or Information | Security Account Manager | 1 File and Directory Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 22 System Information Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| rvigVjH6wf.exe | 36% | Virustotal | | Browse |
| rvigVjH6wf.exe | 37% | ReversingLabs | Win64.Packed.Generic | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_ARC4.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_Salsa20.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_chacha20.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_pkcs1_decode.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_aes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_aesni.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_arc2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_blowfish.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cast.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cbc.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_cfb.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ctr.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_des.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_des3.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ecb.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_eksblowfish.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ocb.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_raw_ofb.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_BLAKE2b.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_BLAKE2s.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD4.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_MD5.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_RIPEMD160.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA1.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA224.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA256.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA384.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_SHA512.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_ghash_clmul.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_ghash_portable.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_keccak.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Hash\_poly1305.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Math\_modexp.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Protocol\_scrypt.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_curve25519.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_curve448.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ec_ws.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ed25519.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\PublicKey\_ed448.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Util\_cpuid_c.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Util\_strxor.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\VCRUNTIME140.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_asyncio.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_bz2.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_cffi_backend.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_ctypes.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_decimal.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_hashlib.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_lzma.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_multiprocessing.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_overlapped.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_queue.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_socket.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_ssl.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\_wmi.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\charset_normalizer\md.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\charset_normalizer\md__mypyc.cp312-win_amd64.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\cryptography\hazmat\bindings\_rust.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\libcrypto-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\libffi-8.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\libssl-3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\pyexpat.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\python3.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\python312.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\select.pyd | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\_MEI29962\unicodedata.pyd | 0% | ReversingLabs | | |

No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label | Link
http://foo/bar.tgz | 0% | Avira URL Cloud | safe
https://blog.jaraco.com/skeleton | 0% | Avira URL Cloud | safe
http://repository.swisssign.com/cet | 0% | Avira URL Cloud | safe
https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages | 0% | Avira URL Cloud | safe
No contacted domains info
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                    high
                                                                                                                                                                    https://foss.heptapod.net/pypy/pypy/-/issues/3539rvigVjH6wf.exe, 00000001.00000002.3072560333.0000020003DC0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.rvigVjH6wf.exe, 00000001.00000002.3071661153.00000200035C0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://google.com/rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://mahler:8092/site-updates.pyrvigVjH6wf.exe, 00000001.00000003.1845946961.0000020003228000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.0000020003228000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1847117826.0000020003232000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1846941430.0000020003623000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://crl.securetrust.com/SGCA.crlrvigVjH6wf.exe, 00000001.00000002.3073003529.0000020004203000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://.../back.jpegrvigVjH6wf.exe, 00000001.00000002.3072632014.0000020003F00000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://tools.ietf.org/html/rfc7231#section-4.3.6)rvigVjH6wf.exe, 00000001.00000003.1845946961.0000020003228000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1845361070.000002000363C000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071029723.0000020003228000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000003.1847117826.0000020003232000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://tools.ietf.org/html/rfc5869rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://github.com/pyca/cryptographyrvigVjH6wf.exe, 00000000.00000003.1810786566.0000025CAF576000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://www.python.org/download/releases/2.3/mro/.rvigVjH6wf.exe, 00000001.00000002.3070639753.0000020002B80000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.htmlrvigVjH6wf.exe, 00000001.00000002.3071029723.00000200030C0000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.000002000388F000.00000004.00000020.00020000.00000000.sdmp, rvigVjH6wf.exe, 00000001.00000002.3071746518.0000020003622000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://cryptography.io/METADATA.0.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            https://github.com/pypa/wheel/issuesrvigVjH6wf.exe, 00000000.00000003.1834506245.0000025CAF578000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://httpbin.org/postrvigVjH6wf.exe, 00000001.00000002.3071029723.0000020003228000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_sourcervigVjH6wf.exe, 00000001.00000002.3070639753.0000020002BFC000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                                                                  • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
130.193.51.109 | unknown | Russian Federation | 200350 | YANDEXCLOUDRU | false
                                                                                                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                  Analysis ID:1577184
                                                                                                                                                                                                  Start date and time:2024-12-18 08:49:10 +01:00
                                                                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                                                                  Overall analysis duration:0h 9m 13s
                                                                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                                                                  Report type:full
                                                                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                  Number of analysed new started processes analysed:6
                                                                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                                                                  Number of injected processes analysed:0
                                                                                                                                                                                                  Technologies:
                                                                                                                                                                                                  • HCA enabled
                                                                                                                                                                                                  • EGA enabled
                                                                                                                                                                                                  • AMSI enabled
                                                                                                                                                                                                  Analysis Mode:default
                                                                                                                                                                                                  Sample name:rvigVjH6wf.exe
                                                                                                                                                                                                  renamed because original name is a hash value
                                                                                                                                                                                                  Original Sample Name:b11f05236edbf4da040010b62b4c16cd4c7c0c3e6218bcd29170922973b94099.exe
                                                                                                                                                                                                  Detection:MAL
                                                                                                                                                                                                  Classification:mal56.troj.winEXE@3/89@0/1
                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                  HCA Information:Failed
                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.63
                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                  • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                                  No simulations
Match | Associated Sample Name / URL | Detection | Threat Name
130.193.51.109 | Ao8sixO8Om.exe | malicious | Unknown
                                                                                                                                                                                                    No context
                                                                                                                                                                                                    No context
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_ARC4.pyd | cPl7CoJTBx.exe | malicious | Luna Grabber, Luna Logger
C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_chacha20.pyd | cPl7CoJTBx.exe | malicious | Luna Grabber, Luna Logger
C:\Users\user\AppData\Local\Temp\_MEI29962\Cryptodome\Cipher\_Salsa20.pyd | AS6xKJzYJT.exe | malicious | Python Stealer, XenoRAT
 | cPl7CoJTBx.exe | malicious | Luna Grabber, Luna Logger
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11264
                                                                                                                                                                                                            Entropy (8bit):4.64091077287031
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:dGklddyTHThob0q/tJRrlDONYSOcqgYCWt:EgcdZq/JJDFgRWt
                                                                                                                                                                                                            MD5:F3A0DEF1BA9F7CF5DA771F5E7C29CA3F
                                                                                                                                                                                                            SHA1:21CA5BCB23A55A7FE41AF810C1B0E5DCAEB25C16
                                                                                                                                                                                                            SHA-256:362C42BD62E5751E9B647BD575D483CC510DC862AB6098E6893EDCF3F44A567E
                                                                                                                                                                                                            SHA-512:659DC896767501A8B7690CE944AA7A6D60A5F0596C32E2E2B0E8D4BF85434C25337BB6835A386CEAAEE245B9A5E9A06415196B9BDC115668373388D693DC747E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                            • Filename: cPl7CoJTBx.exe, Detection: malicious
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):13824
                                                                                                                                                                                                            Entropy (8bit):5.019697132100443
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:4t/1nCuqaL0kt7AznuRmceS4lDhhAlcqgcLg:F/k1ACln4lDkgcLg
                                                                                                                                                                                                            MD5:2CE3043D6FBD62BCBE6948A1E6A789F0
                                                                                                                                                                                                            SHA1:7A5E9BC5A96BD2EC677927FB014073E7CDB70F3B
                                                                                                                                                                                                            SHA-256:C5A4AC8202A0211163938B6306E3A678CC461ED8E283F4C4601748D2E50783A3
                                                                                                                                                                                                            SHA-512:8FCA5216D65C66640541B31E21A7EB18F510C5C0D3420BFF5581337875A6F68DD808F35D61A759A26AAD9AE4F50AA1580E8D90E016D9ACDC5AA2D04CFAAD4377
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                            • Filename: AS6xKJzYJT.exe, Detection: malicious, Browse
                                                                                                                                                                                                            • Filename: cPl7CoJTBx.exe, Detection: malicious, Browse
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):13312
                                                                                                                                                                                                            Entropy (8bit):5.038085765012569
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:st/1nCuqaL0ktPMn1ENe3erKr5br0YbsiDA6a9lkOcqgRGd:p/kpMIodrXbsiDC95gRGd
                                                                                                                                                                                                            MD5:0BE007DD183DAF0F4B65E73CF19EA139
                                                                                                                                                                                                            SHA1:272275DA46E02B3C0F856E14F4FB27A0F4B0494E
                                                                                                                                                                                                            SHA-256:F6308DACB781C99D3B962451FC681973808792936690AF6AA7FA5B6DF40F4EAF
                                                                                                                                                                                                            SHA-512:F4F06C03239E262C5500E5E64AB4F8B71BF90EDE3B8157B572BF36F303DAE2D81DB2B063DF30E8D5E555A51B07A42264E19B68D25006BC31B4EA27F3FBE1E023
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                            • Filename: cPl7CoJTBx.exe, Detection: malicious
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14336
                                                                                                                                                                                                            Entropy (8bit):5.09241379083317
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:rDVsiXeqVb0lIb0Pj5Jdfpm68WZDFnU282tacqgYLg:rD7ali0Pj5JxCaDpUlgYLg
                                                                                                                                                                                                            MD5:1831D77E3247E859A1BD4311637D5D17
                                                                                                                                                                                                            SHA1:730355120C6079AC3B38DD5E7FD0CF656CF604C2
                                                                                                                                                                                                            SHA-256:B04AB30C7AD39D852854AA0CCD9508D213EAA1B1D070B27D3679C1CBB53FAFC6
                                                                                                                                                                                                            SHA-512:5B208AC5C00CAF8C49FA82264308CC1379F1F83391CF6EDDEB1A35BCE6E7459F28CE6ABD5E32229A4CF1D096E05C59C96BE405F061E6883290BD27CC65D2E81E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):36352
                                                                                                                                                                                                            Entropy (8bit):6.5414219614027544
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:m/UlZA5PUEllvxL/7v/iKBt5ByU0xGitqzSEkxGG7+tpKHb/LZ7fr52EkifcMxmP:RlcR7JriEbwDaS4j990th9VgBV
                                                                                                                                                                                                            MD5:E306365BDC8D15B2F477E5AF252D0B59
                                                                                                                                                                                                            SHA1:E6461FD5079050D129CD47CD4F6AFA7B632C4314
                                                                                                                                                                                                            SHA-256:2DCAC73EA3240A008D115BAC0EA4D7C65C8162676AB30BCAF7527C22B98B4929
                                                                                                                                                                                                            SHA-512:1B63A9ADCF6A37F601B8E1BD6206EC369A618C81F1C3477301053219DB1DDECC27B5AEB9E7AD7490C7E987BA196884D66E85BB5B7F4DAD43BFFF891310E11945
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15360
                                                                                                                                                                                                            Entropy (8bit):5.367966872597574
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:QJBj5fq/Rk0kPLhOZ3UucCWuSKPEkA2bDMJXx03cqg5YUMLgs:Sk1kTMZEjCWNaA2D4x0g5YUMLg
                                                                                                                                                                                                            MD5:973F11DE023C9337F35F9BB55C6154A6
                                                                                                                                                                                                            SHA1:C02FF64D9FC5B8B8590488BBE9658593FC90CA47
                                                                                                                                                                                                            SHA-256:483758336267F8842F5432BB83300EA0FCB49C4E0B29962CBD7F27B1C3DFC56A
                                                                                                                                                                                                            SHA-512:8658ADE868C9D942660361A60C5B4068238B418857BBBD4B1712DE5A146300F435960A75C411E1737E590020644309C92A2DCFDA69A2D6162A4135244A282871
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16384
                                                                                                                                                                                                            Entropy (8bit):5.411163759850271
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:a3d9FkHaz0EJvrj+CYuz7ucc9dG7otDrM2KcqgOiewZjW:ekHEJzj+X6769lD1agO/w
                                                                                                                                                                                                            MD5:31F8353B80EA438AA705A7986DF24ED3
                                                                                                                                                                                                            SHA1:3BBA2691BA37884AC5DD6397456EC1D46E2D25C0
                                                                                                                                                                                                            SHA-256:89A51C145166DD24CF83D358ADE292B23F20B94BE783D5FE33A9DA2D7F2C14EB
                                                                                                                                                                                                            SHA-512:8CC35583EF842164A29F23E9A643898C622003654E551DADBBB6DD309017ABD886D2BDC491472B21ED8816B0619A521B70934FD8CD2614BAABC2DADEED237FA6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):20992
                                                                                                                                                                                                            Entropy (8bit):6.041327291179631
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:CUX0JfbRz5MLZA0nmwzMDYpJgLa0Mp8zDBcxgprAM:0NbRzWXwDqgLa1wBfP
                                                                                                                                                                                                            MD5:F86637FA9E2246C36B6FFB90CA83E66C
                                                                                                                                                                                                            SHA1:BA04C29B14B39295CE0C9CE1F1B8444DC7EDF275
                                                                                                                                                                                                            SHA-256:933330BD2D55DE985B45BDD12B99291B4507C830CD6CC9E917CEDD1E49E878EC
                                                                                                                                                                                                            SHA-512:128B6322338C7B262B2BA6155FADC798E6F59011810B7A4501BBBECE19EA20CB857BFD180B0AB727347ACEE651949A45FB4183445293853698B4F42E999C47DA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):24576
                                                                                                                                                                                                            Entropy (8bit):6.530672619544914
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:pEDwUBi9SPu71omZXmrfXA+UA10ol31tuX8YdAgYj:CsUBXmoEXmrXA+NNxWMYfo
                                                                                                                                                                                                            MD5:AC98B10064264B49DE13F66E60CD47B5
                                                                                                                                                                                                            SHA1:C14CA2E042F6FA11135CE824F14A14E3625D1A97
                                                                                                                                                                                                            SHA-256:8621AC7A3E09367BB0C529FDD3D178F20EDFA193FE0D19A02DE424A6BBA45229
                                                                                                                                                                                                            SHA-512:A30EA39A36FC58B888E10F2C4C8B075787B03019C0408F0083D2A6A30707380841E6A6A726ADF5F24013AE5B481D3998541EB3C29F9744DB95D4BD53287835D2
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):12288
                                                                                                                                                                                                            Entropy (8bit):4.7088945967294356
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:EF/1n7Guqaj0ktfEJwX1fYwCOD03lncqg0Gd6l:+GXkJEm1feODaDg0Gd6
                                                                                                                                                                                                            MD5:8D17946E6B1936061203AFE20CDDB5B0
                                                                                                                                                                                                            SHA1:589DAC4D2864FDC0219B0DE3973B2EE0023CD5EA
                                                                                                                                                                                                            SHA-256:BB9898057572F17131BB63D513C19901E29D2E29215F7A93D6D84FA537475F0B
                                                                                                                                                                                                            SHA-512:3354942781E4D36B84D83AB6959707D29F6E25D3614B15A228D63D084F6F2A280BFC9153F24EA0FEF489FA7043E21EB67E4B6D3AD7D073FDE37F6206462F5931
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):12800
                                                                                                                                                                                                            Entropy (8bit):5.159801367034206
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:kZlRgfeqfz0RP767fB4A84D+VD6eDcqgzbkLgmf:jwRj67p84Dm6eVgzbkLgmf
                                                                                                                                                                                                            MD5:606E85B094AE6752E1099A176AA20F09
                                                                                                                                                                                                            SHA1:35E9355CE75B57111D3793502636D5FCD78D34A4
                                                                                                                                                                                                            SHA-256:917FA3438B61CC207D73BD72CDA6C42CD08656A2187FD9CA2860C67C12677238
                                                                                                                                                                                                            SHA-512:19DE7B6C567E997825F2F08773C45A3562BC3980248DE31738395CAFA0306707A82F912A8B9B1DBA440162443E1554E87EF5586776189B763576D9A7ACA9E587
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14848
                                                                                                                                                                                                            Entropy (8bit):5.270331451319695
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:vrtJ1gifqQGRk0IP73AdXdmEEEEEm9uhiFEQayDsVMcqgnF6+6Lg:vrdU1ID3AdXd49urQPDbgnUjLg
                                                                                                                                                                                                            MD5:F3CFD044825E9C08CE37A8034E2ED786
                                                                                                                                                                                                            SHA1:51637C5678AEDF528ADEF8036C53513495FCBB44
                                                                                                                                                                                                            SHA-256:BCBE37F565B91A127E40634DB8E7E1B8B1CE3E1344F3FA082496B93D75435B80
                                                                                                                                                                                                            SHA-512:FD9F8AE46A438138C31408EBF9129DD507A8FD6DC24F24EAE2B2DD8BD90E8B78AFB0AEF82A314CA5566D4D1BB7D166642DD2E7D7EA8E484C0261F623B2C1C15B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):56832
                                                                                                                                                                                                            Entropy (8bit):4.231023773248046
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:EqcmHBeNL1dO/qHkpnYcZiGKdZHDLY84vnKAnK2rZw21agVF:vEiqHHx4vZTV
                                                                                                                                                                                                            MD5:FE88CD3248814691F951330F780E351C
                                                                                                                                                                                                            SHA1:4DF59A4BC3A3F72BCAADEC80C3326BEBB7D7213E
                                                                                                                                                                                                            SHA-256:BB692D568653FBB9414A050665A94ABB42905AC4343A30ECDC2953C4F840631F
                                                                                                                                                                                                            SHA-512:2E90F8DF00609DDAA14A3174DC844EF8E2D26F49E8A2C086251B0643916C84CC6605CE67C6C5A98753C8095BCC63453F64C7A0AA956547A62B7F82C7487502A6
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):57344
                                                                                                                                                                                                            Entropy (8bit):4.2524132143312645
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:Z4cmHBeIzNweVy/CHkRnYcZiGKdZHDLq80vnKAnKBrZWsURygUX:2EO6CHnX0vZn7
                                                                                                                                                                                                            MD5:17DEF19C3094153CC6CF76B7DAA71553
                                                                                                                                                                                                            SHA1:62E1D370F232C9421C9DEDB28DE2078B43D08651
                                                                                                                                                                                                            SHA-256:C20CD1A2A9082551F0F37B87AEDE89BFFDBD02B38BF03D0E73AEBAC3733DCC4D
                                                                                                                                                                                                            SHA-512:E2FBCF2729AB3972B65F35813BCE4E434160C7F798FB2C98088551D055C05ED1D49A8F3BD9D1C522B0D28CD120EB6A4BC9FACFC44674340ADB3FE45AA1FAC292
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10240
                                                                                                                                                                                                            Entropy (8bit):4.691147079095514
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:Bddz2KTnThIz0qfteRY4zp+DUPLui8p1cqgHCWt:t2E9RqfCXp+DUjuRpLgiWt
                                                                                                                                                                                                            MD5:4DB0AC98329AE64CEC9C28570AF52968
                                                                                                                                                                                                            SHA1:8F7D327C1049C27B0DF6BC6C2017CC302BA99A10
                                                                                                                                                                                                            SHA-256:5A43E3809403668ED6C6F17A71828EB8CD0DCB64AFC09B815A4B9F05C3661714
                                                                                                                                                                                                            SHA-512:515E0B972A644620C27B3C074AEE62B8BA5AA679B0E1C936F616C5537A83C7CA762B7A6C7ACC3279AB235D1D344DB9423CDC1ABF7C72775D4BBFB2CB24CBF6B9
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22016
                                                                                                                                                                                                            Entropy (8bit):6.121802927133552
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:0UX0JfbRwUtPMbNv37t6K5jwbDEpJgLa0Mp8mJCkgJrAm:KNbRw8EbxwKBwbD+gLa1ch
                                                                                                                                                                                                            MD5:257E449799177D7F43EB1B8ED6180C1C
                                                                                                                                                                                                            SHA1:E023424CCBDCE4EF3CC5D0A723FE2D2E02363CAB
                                                                                                                                                                                                            SHA-256:8425C2E412045DA204419B41D80D6538636F13FD187F7F8A259F29F5380A2536
                                                                                                                                                                                                            SHA-512:944070BD07EDB03BC8EC599D26D3B182F27A71DA2DB1C79CA01914F5637AE1BB9C47E0F2D56C8FC1433E325C1BAF903E330BE123C0CB36E6F355FF5DB649D9FA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):17920
                                                                                                                                                                                                            Entropy (8bit):5.293998683514664
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:XPHoDUntQjNB+/yw/pogeXOvXoTezczOo3p9iJgD93iNgnVbwhA:iUOhBcDRogeXOfoTezcio3pUJgD93i+
                                                                                                                                                                                                            MD5:ED75912A048CA3C2E0FE8E7307559347
                                                                                                                                                                                                            SHA1:BB0998846468A91A5FB6D9725439C2F62E02CC21
                                                                                                                                                                                                            SHA-256:EB1085A28631FE3C8B3350B19DDDC5C2EAF9B2CBF1C578FDFBF6B72FDF0B909C
                                                                                                                                                                                                            SHA-512:C04F62F57E0395EC731180F6CE9568A35C00BE51AE172F2F6EEE4D9D6726F5BDC41A55E8043D596E9724CCEE00F861F349E3F787FC3C1B5ADB47F8C194A23FB1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11776
                                                                                                                                                                                                            Entropy (8bit):4.86291799390376
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:ra+F/1NtJ9t4udqaj01rlALnNNJSS2sP+YEdMN+F9FdKaWDCLk+VOmWbucX6gRCk:dF/1n7Guqaj0ktfEON+bMDClJcqg0Gd
                                                                                                                                                                                                            MD5:DAE7F4DD6792FB84C91BD45D44ED6C96
                                                                                                                                                                                                            SHA1:A88EB81D4D72ADC4C7F7402338F9D5760957EFC3
                                                                                                                                                                                                            SHA-256:01EB2117F0223F0447CD16B5EC79BAF3430871DA8EF461404BA13592D2E8A89C
                                                                                                                                                                                                            SHA-512:66E98AE82073ABB24E9053203F41CEBB4AC30A461FE2A62BAA1190970E1BE7567F495914E017EC94B6B911BAB721E63A7FF2D1D85E29D5824AB3D9BC9FB9FCE4
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14336
                                                                                                                                                                                                            Entropy (8bit):5.227344334667063
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:7aF/1n7Guqaj0ktrE8o2o+V2rQnjt1wmg9jtveDi4clG6VcqgOvgdd:7wGXkFE8Zo+AojO9jZeD85rgOvgz
                                                                                                                                                                                                            MD5:607DD619A4BBB03D587D5D4C6A145B25
                                                                                                                                                                                                            SHA1:CC3024641B61EB3F8DB9BFBC3CEA72EAA2F58FE3
                                                                                                                                                                                                            SHA-256:944598CCCB552A1E00DBD3915F11BAB5E38E8B1AE2ADC05BCDEAED42F28723FC
                                                                                                                                                                                                            SHA-512:C3C2B22377747CD9A8F19218A048EA55523AE384EAD43492662D1DDB54281E0AF8E2C34B815CD4AFA96A65CF407DE89745B1E74A5830FEA19F3B9500A0086C0D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):13824
                                                                                                                                                                                                            Entropy (8bit):5.1766092054656285
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:yF/1n7Guqaj0ktrESsrUW+SBjsK5tcQmEreDLmf1AoxkVcqgOvgXQ:IGXkFE/UW575tA2eDy1Ao2rgOvgX
                                                                                                                                                                                                            MD5:1DEE6707A941E02202A47C58408ED538
                                                                                                                                                                                                            SHA1:511387A5A611119BA81377931DA5A8DA5C429B78
                                                                                                                                                                                                            SHA-256:4E76A0BE3E295571172CF1D06DBCC48F715357BB496D8567D9376667326FA5EF
                                                                                                                                                                                                            SHA-512:F29063D04151C9DF75CA2C138FBA5F9E4DA551F0FDFA7A8A83390DF0DCDE064038BA87EEC4C852A87D80CEF0DC38306AED1121D06A6B337E4CC722E4057C432A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14336
                                                                                                                                                                                                            Entropy (8bit):5.0474332549987055
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:HalCvH32p3/2pnEhKnLg9yH8puzoFaPERIQAvHDgCIg5kP:gCvHmp3OpnEhmLg9yH8puzoFaPERIQg1
                                                                                                                                                                                                            MD5:B75BE9023BA98415A8ED687A4115B0C9
                                                                                                                                                                                                            SHA1:860ADADC887580255B0C9580392AF7CA8155D7A6
                                                                                                                                                                                                            SHA-256:3E04C68EBF4834B8F9CCD1AFD29302E2D76B03874D8611BBD6E8750CD18AA317
                                                                                                                                                                                                            SHA-512:7B566F523635EA0D7082D564A4E13EEFC254D1A6DC27593FB79DF2E76C95BC24E3CF4637C19505BD709BF44D5110666C1373C9936F5A84ED51D86093F2F2188A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):13824
                                                                                                                                                                                                            Entropy (8bit):5.099563420082932
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:hsiXeqVb0lwbH4P01sAD7I/9hAkwDmzBEbcqgqLg:/alqH4M1sAD7KvpwDVtgqLg
                                                                                                                                                                                                            MD5:B0A744729C904B9955D580A919AF5F28
                                                                                                                                                                                                            SHA1:04B9346C7935945EF796BE8A46304F43162C6C02
                                                                                                                                                                                                            SHA-256:D2341DA9A7EE7D88CDD61FB008A2F5D66D386129DCA52B60745B9A6FC996A428
                                                                                                                                                                                                            SHA-512:F1D42900B7108AD2A82DC13BB9605972873EAE000C76BFDFAAA338A634DB114E4893642CBB532D9DA1C5FA762833ACCA3F6F287E4D379515452600A4A3591679
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15360
                                                                                                                                                                                                            Entropy (8bit):5.45178953834791
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:XfwogDHER1wuiDSyoGTgDcOviNgEPrLg:vgDHELwuiDScTgDBi+EP
                                                                                                                                                                                                            MD5:0D56F87EED6685569C363CD7B482FF0E
                                                                                                                                                                                                            SHA1:10EC6EA5D10CB98312B463E681C71A69CB529B11
                                                                                                                                                                                                            SHA-256:88E5A5508C7F672D130C2BAD89A892670967A8DF9B07DC479C37E00D3A23F8FF
                                                                                                                                                                                                            SHA-512:CA8C6B60377706D4BBF6FFD1AEAB7BCE36350CC92E9E1EEF0F7C1096A435745CB96E2518CC99DD03859CA2377B434A6D443054C30A7E563E0B6DAE8E7470CBAD
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):13824
                                                                                                                                                                                                            Entropy (8bit):5.10501678535697
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:lF/1n7Guqaj0kt7/Ev9kt0Qwac6QzD+iD0QocqgI4G0S:RGXkd/EvGt9wacNDJAgI4v
                                                                                                                                                                                                            MD5:3CF2B33DB41381691EF10E43AC6D9C74
                                                                                                                                                                                                            SHA1:F6EFDF5534BA86A8EF47B6499D85F618CEB93824
                                                                                                                                                                                                            SHA-256:C0FC3EB011753C30C79A6AA6982BF764174449E12BFEEACF475E42249EFAA218
                                                                                                                                                                                                            SHA-512:C47B5BF98798770029A49ABC1249916C5CB76119C0EF31E770D82813D084A57292B087133EE1CF025DF9A977B647A48EDDFAE2246E045CB2ACBCC71ACD57134A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):17920
                                                                                                                                                                                                            Entropy (8bit):5.67112951018799
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:DPHoDUntQj0sKhDOJ+0QPSfu6rofDciZzgE+kbwb:mUOYsKNO466DcoUE+
                                                                                                                                                                                                            MD5:2EFA942A436CA17562FB49BB66ACDCC4
                                                                                                                                                                                                            SHA1:50B2841914E9A1237AC29C7A681F0951C03D59A4
                                                                                                                                                                                                            SHA-256:4810A6392848B3FF20D67A531A26DAAF2E1F2FE37CF61C0245D24CB0FA00177D
                                                                                                                                                                                                            SHA-512:BAD96C34D318B975330F720B422C758DDC91AE6AB34B873F9A68F060F52552939654AC7A78D49EA787D7F182E293C604F772BEA9E027D0159A43C9F06957D392
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21504
                                                                                                                                                                                                            Entropy (8bit):5.878788018845523
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:VJWo4IRCGHX1KXqHGcvYHp5RYcARQOj4MSTjqgPmJD1O2gkxEv:VcIRnHX1P/YtswvaD1Qk
                                                                                                                                                                                                            MD5:5CB71342E09FAA10F9C4B55E56746DEB
                                                                                                                                                                                                            SHA1:E1F5F0225CE90F3FAC8A3BC7898A18F145A15317
                                                                                                                                                                                                            SHA-256:30EB7E9CB9ECC84A424864E20B01EBA47ECB7E8597A83244C35798A1AB75F2E3
                                                                                                                                                                                                            SHA-512:5E5A154FB41E969021974889B1D5B5D657464D9B3C94AABA6F3DF74424934DA9D02786B242A6781257BF148198CE352B1851E46612BBD4C112B6677DB874BD08
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):21504
                                                                                                                                                                                                            Entropy (8bit):5.881719483503825
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:mJWo4IRCGHXfKXqHGcvYHp5RYcARQOj4MSTjqgPmJD1IgkxEv:mcIRnHXfP/YtswvaD1tk
                                                                                                                                                                                                            MD5:15E2C2434668D1648D9147156B0A44C6
                                                                                                                                                                                                            SHA1:BEA635ADFD889381CC324D2612606E409518261D
                                                                                                                                                                                                            SHA-256:EBEE833D40ED09ABCCFF1F415B4A4CB1EC6F8D84431067980B09A36450EDB9F8
                                                                                                                                                                                                            SHA-512:197818202B07F97DC370F456A1F59A5210C8AF7E8221D6E0BBF8A96E8190668DD29D353BFFB0F833FC622B8F797558708446CDDE7A062ECD8C66D67B87262445
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26624
                                                                                                                                                                                                            Entropy (8bit):5.837967098997982
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:C839Cc4itui0gel9soFdkO66MlPGXmXcyYDTHks:Zs4u/FZ6nPxMLDzk
                                                                                                                                                                                                            MD5:BEF2C0DD6DFB0C99F49681520FAC9C29
                                                                                                                                                                                                            SHA1:A97FD9EBA05C3D5B14839A1BEFC34C72D407FD2D
                                                                                                                                                                                                            SHA-256:DD8B11D83208286EC46A4698EE57AA354BFA2B6EEBDD97245D49007304439884
                                                                                                                                                                                                            SHA-512:D5C1CE51A6AA8455987ED5FC7B6511B373569D71EB14662C1E452D5279D44FAB3AECE9CA763B41C34CA350F4C4E18F8378EA513091B348BD745490233C60338B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26624
                                                                                                                                                                                                            Entropy (8bit):5.895432566171149
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:4cX9Nf4ttui0gel9soFdkO66MlPGXmXc/vDTxvk:338u/FZ6nPxM3D9k
                                                                                                                                                                                                            MD5:D6D6E9C22ED2A06562D4D6D4A43F7FE7
                                                                                                                                                                                                            SHA1:773F848975F6ABA43618D65EC518FA9B62CD4DC1
                                                                                                                                                                                                            SHA-256:CF97616BF0CB1EEEC2906FE47CF219332EE697C43A2F2E4D0E67DA40360C1ADE
                                                                                                                                                                                                            SHA-512:B4C1F45A74B966FF1E047B0B0E429204CDA6E033B0923BCAF78959AE2974D71F6C6B25E598A4770C30EAE46738C90C3C455759EF63CE1867DC0229A167DD7256
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):12800
                                                                                                                                                                                                            Entropy (8bit):4.967920497161766
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:dUWt/1nCuqaL0kt7TsEx2fiTgDFqGF0T7cqgkLgJ:c/k1Ts64DDVyBgkLg
                                                                                                                                                                                                            MD5:26798493D96B2B2CB9601C0708595B84
                                                                                                                                                                                                            SHA1:CEC50F2D5D38E3410F1FFE1546A08BE35847B198
                                                                                                                                                                                                            SHA-256:84E5F449D863E2801C93C84648AB18C078FE52D75CE4309632AFC295081AB5E8
                                                                                                                                                                                                            SHA-512:3F8F3BB54CD0755CCCD4CF6E8ED29C2D0F1C10BAEB6A0E58D6DB51F5A5A442D653114EB2AC8EE78833E26F71275602F0B3B0E06C333B22BB45C1D2E7A70F278C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):13312
                                                                                                                                                                                                            Entropy (8bit):5.007946351080744
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:gt/1nCuqaL0ktPH0T7fwtF4zDD2rGacqgRGd:N/kpU3Yv4zDLqgRGd
                                                                                                                                                                                                            MD5:BEA27CB11A8529D6AD11373531E5222F
                                                                                                                                                                                                            SHA1:74B61DA8FD39F03136B4FAD7FAA7E5A1EA7C1116
                                                                                                                                                                                                            SHA-256:1EB72BD49457080CE1432EB28E85134D7BD4344BCCD9357839ACBBFA9236B868
                                                                                                                                                                                                            SHA-512:49FEC85D5853DDB352ABC93BE6CAB3C42F2A3DBCDF32A90FE7FFF6E5BF378514C594328C7845F892508C8301F8224F7A6A26F44458A6A9EBC59D99B7CCEF8F4B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):15872
                                                                                                                                                                                                            Entropy (8bit):5.22636430845807
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:FfRKTN+HLjRskTdf4WazSTkwjEvuY2bylHDIYIgovg:YcHfRl5pauoSjy5DIE
                                                                                                                                                                                                            MD5:7F4AFB84A7F42103E1AD2FB97F01B924
                                                                                                                                                                                                            SHA1:19A74E979422911557F4E1A04ED8D1E64840B5CD
                                                                                                                                                                                                            SHA-256:FCB30E2A27EDD1410A6D7D2DE29DC194E70A5DC4F54B705E6BBA9E6E7AF411DD
                                                                                                                                                                                                            SHA-512:EF50B41D44FBC886CA27A1FB70EB9F7C7BFF2C659A90C893E1930C6525B39E1E40045176A57745EABC2E4503F353E65CC5D9C1899F25E5793EA26E353356AD5A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):14848
                                                                                                                                                                                                            Entropy (8bit):5.261897747374345
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:XZN2eq/b04PAHH41F6fnVS0sVn+5CA5Z1cDz6WGcqgFjLg:iI4IHHaQfSVnCZyDvmgFjLg
                                                                                                                                                                                                            MD5:F6388659B3203E6ACCF2B317382162B6
                                                                                                                                                                                                            SHA1:F3DBFF5935B069E9256A20B8B7B49AB203602C67
                                                                                                                                                                                                            SHA-256:07EF9E9C2D43342000E048AB8F4ECB92A9298B32AC1D2D0ACD90501350EDA7D5
                                                                                                                                                                                                            SHA-512:B2C2CE460D4F8F91AD4EF3C36D6E3B8E65BAA1B5F2B9A7BFDB4D400F0467BA1A4C827AD4A344F5C4A5DC0DA61AA226C8ABF27DBBFF8DC791F085C9F25F504471
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):36352
                                                                                                                                                                                                            Entropy (8bit):5.913982056265063
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:qspbXtHQY4ubrttQza9CHnZXQsnecAlOF0qZLAXxQI3Sya6XPpMg3Yx8MnDcCPSj:6Y44UagH6cAFCLUSYpMg3YDzPo5/G9G
                                                                                                                                                                                                            MD5:7376120CC8C5E3BA94CD453A464F96A2
                                                                                                                                                                                                            SHA1:E6D3D75AEBFE144EBD5D894BB54D1D272B76D92E
                                                                                                                                                                                                            SHA-256:D1AD22734319F91CC9D3002884C1EEA79107F4E2D2D21B0CBE22F33AE73E4DD1
                                                                                                                                                                                                            SHA-512:E02F2081E4BC87D572127DBBD97F1CB6933F37424B5FD5AC6F3149250BE5128525A9D92057E1C605990B710A6C2F20389D24F24569E14D51FDC2B4615D97D6BC
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):12288
                                                                                                                                                                                                            Entropy (8bit):4.735395385607169
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:rcsC3eqv6b0q3OQ3rHu5bc64OhDXI/p3cqgONLg:rmHq3jHuY64OhDGJgONLg
                                                                                                                                                                                                            MD5:308C6E862A3554F1B5587D003F4B1BBF
                                                                                                                                                                                                            SHA1:800955D3A24065766E5825C8324B7F48CD02F073
                                                                                                                                                                                                            SHA-256:671AAD8B7FAE31E076DF50C947CD198369EEA6379E6FA1B058596E528F5DA561
                                                                                                                                                                                                            SHA-512:35B27A6320A8046F7E7BC42B9AF8414B076F5334467576A0E83C6D7992EC3675F73CF0FC72AE6DA402FF70DD16FCC0C29287AB27AD04BB346D5229D62DEB54A5
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):22528
                                                                                                                                                                                                            Entropy (8bit):5.7058009726968155
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:b9BcRxBmau38CYIl9bhgIW0mvufueNr359/tjGGDmFSegqrA:TcRy38J+9dmvufFtaGDH
                                                                                                                                                                                                            MD5:63E585DC95B65FAE903369EFC94B35F4
                                                                                                                                                                                                            SHA1:F03B387DD3AAA943F84C4507B191FCF9FD1C5D2A
                                                                                                                                                                                                            SHA-256:DD3B3B23C388C4D6956C1572EA153DF62B02BA6AD7C5632D9254B0D091400E2E
                                                                                                                                                                                                            SHA-512:AFFA8FF13561ED69D47A873220B482E4AD09766338ECBF5E8A9DC4C5E95D22613BD5B70119218295096C5B54351AACE4A437173D5E99D8D000ADD726019D4DA3
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):70656
                                                                                                                                                                                                            Entropy (8bit):6.019125929952969
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:+fju4GgRMgWWnEDZiECgd/iwOXUQdbhov0Clb8Cx4hpK8ithLFIDullRPwDHxXja:CXRMgWiEDZiECgd/iwOXUQdbhov0Clb1
                                                                                                                                                                                                            MD5:81EA717DAABBE21EA84BCA3E947C1557
                                                                                                                                                                                                            SHA1:B98EE93811A9A262E4197D13DDB78441A90CCBB3
                                                                                                                                                                                                            SHA-256:A12601F82A9C3C92552B1A80D310C7922ABE9A03BB58ACDB749216FA5EFC6D51
                                                                                                                                                                                                            SHA-512:126E7DFC828A39A37F72C989566FAF4E5E2842C46D47B77DC74E10D1E88ED5B7FB1011C93C13FF474F824EC8222A25305A55961408AD96EECBCD3A57D2EAB721
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):770560
                                                                                                                                                                                                            Entropy (8bit):7.613225426906836
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:WtIrHoxJ8gf1266y8IXhJvCKAmqVLzcrZgYIMGv1iLD9yQvG6h:WtIrHoxJFf1p34hcrn5Go9yQO6
                                                                                                                                                                                                            MD5:6E423574D805A2A8D0FCF599B3DB13E8
                                                                                                                                                                                                            SHA1:551D39DCC40A2049B7668DFF28A61949AB23C11A
                                                                                                                                                                                                            SHA-256:4372D02096FEB267F131F35644E902E19FB4BA6CE6CBDEF5E42D06BA78C0C74F
                                                                                                                                                                                                            SHA-512:67CF163D73C7E81ECCEE9F00ED698BA9C3DD2CBB3F7F5E81C740210ED37773F6820879F1BE528B5AC3D16969895EF18293BE194860C34CFED527065EBF966BDA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):26112
                                                                                                                                                                                                            Entropy (8bit):5.855495726605704
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:2czadRwoF2MZ81n0XTyMCYIl9bhgIW0mv8aeadRcwRwftjGLD2aRQNgQQ77k:vudRf2MuMJ+9dmv8aea34taLDDfQ
                                                                                                                                                                                                            MD5:6B1383F534E7DAFB5C02F126AB34CE06
                                                                                                                                                                                                            SHA1:4D00AE8BBB2B2EB7618CFA8854E99EE359F73556
                                                                                                                                                                                                            SHA-256:D620E2F1FB049A5B8094E47F3CB2D790E11D9FEC68939323727D5ED52BF93170
                                                                                                                                                                                                            SHA-512:724496B47EA52AAF1E3D2A8F00BCA4948DB36F32F29950A4DDE96D53DA12AAD61FDF53DB9E97DB8676A5C52499BE912F2AB0F47D9FC2764DB5F2FCECC1329612
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):84992
                                                                                                                                                                                                            Entropy (8bit):6.064765416588426
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:/rYNvxcZeLrIeNs2qkTwe57DsuP45PqAqVDK9agdUiwOXyQdDrov0slb8gx4TBKk:/r4vxcZeLrIeN1TvHsuP45yAqVDK9agR
                                                                                                                                                                                                            MD5:11B6F5FD2BDB4F885D9A46E8F3424AC8
                                                                                                                                                                                                            SHA1:E019D39543FCB9C25179CC73D79877749D7ADD7E
                                                                                                                                                                                                            SHA-256:1B392561C21E555E78CEF0F823C682E2892C751FE7DA51C3137BAA87B2EE5223
                                                                                                                                                                                                            SHA-512:6C3A9751656FEA10A690DEC29130B910E8ADD7CC6B547A053E1FBA64604F768D5719258AA96E49CA08669080ADA64FF668F7135D458906E7B58C4473F45AF098
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10240
                                                                                                                                                                                                            Entropy (8bit):4.67646605814196
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:f0QRpBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSztllIDeqf4AZaRcX6gnO:5ddz2KTnThIz0qfteRIDxRWcqgnCWt
                                                                                                                                                                                                            MD5:690FC8D8423EE69C662F11CD6406CEF1
                                                                                                                                                                                                            SHA1:A0B78AF3BC976C8AAFA1FE80EF71F22D4BF7080B
                                                                                                                                                                                                            SHA-256:BD597E5853A3F2CAD1D4E5743170A66383BE18D215F8F83BE2A473736EE28718
                                                                                                                                                                                                            SHA-512:B08DD641AEF8C663174C4AD436915FFC4C4AFB70B8A9719F535F1F99B7B29240A0C8951E19F3348C010DAD3000B6B5173B1DEF077EC6D96BB8A3D3E9BE339A40
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10240
                                                                                                                                                                                                            Entropy (8bit):4.625951827424241
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:fyipBddzAvzrqTOy/ThIz014mlxuLnkC75JiSBhsPeSzteXuDeZqYNIfcX6gHCWx:Hddz2KTnThIz0qfteR5DewYkcqgHCWt
                                                                                                                                                                                                            MD5:174B652C8E6C40C36C8AB06A20A34C01
                                                                                                                                                                                                            SHA1:F3CB9321100DCE3A8D79B0FC517CC58E05D26E41
                                                                                                                                                                                                            SHA-256:42AF8D99FC975720585D25D767FC825D4922C088B6C2B13EE2DE23E439523610
                                                                                                                                                                                                            SHA-512:9F0C444069E477A043C85F606BF1A3FB695773DBC16D1124A4B2D771EA0385B797552031433CB625D7DC9C8D490EB0EF8FA2C13AA628EBBA58DF6A0530913F32
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):119192
                                                                                                                                                                                                            Entropy (8bit):6.6016214745004635
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:+qvQ1Dj2DkX7OcujarvmdlYNABCmgrP4ddbkZIecbWcFML/UXzlghzdMFw84hzk:+qvQ1D2CreiABCmgYecbWVLUD6h+b4ho
                                                                                                                                                                                                            MD5:BE8DBE2DC77EBE7F88F910C61AEC691A
                                                                                                                                                                                                            SHA1:A19F08BB2B1C1DE5BB61DAF9F2304531321E0E40
                                                                                                                                                                                                            SHA-256:4D292623516F65C80482081E62D5DADB759DC16E851DE5DB24C3CBB57B87DB83
                                                                                                                                                                                                            SHA-512:0DA644472B374F1DA449A06623983D0477405B5229E386ACCADB154B43B8B083EE89F07C3F04D2C0C7501EAD99AD95AECAA5873FF34C5EEB833285B598D5A655
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):71448
                                                                                                                                                                                                            Entropy (8bit):6.247581706260346
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:rRaPPkDN3nkiP6djtX5IkTIL1yUvGJtIAOnT7SyqWx5:9anmN3nkikjV5IkTIL1yUuJtIAOnTgi
                                                                                                                                                                                                            MD5:209CBCB4E1A16AA39466A6119322343C
                                                                                                                                                                                                            SHA1:CDCCE6B64EBF11FECFF739CBC57E7A98D6620801
                                                                                                                                                                                                            SHA-256:F7069734D5174F54E89B88D717133BFF6A41B01E57F79957AB3F02DAA583F9E2
                                                                                                                                                                                                            SHA-512:5BBC4EDE01729E628260CF39DF5809624EAE795FD7D51A1ED770ED54663955674593A97B78F66DBF6AE268186273840806ED06D6F7877444D32FDCA031A9F0DA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):84760
                                                                                                                                                                                                            Entropy (8bit):6.5874715807724025
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:RS7z7Sj2u5in5IVfC83zYxzbdK87kW1IACVw7SyrxX:I7z+jum3MJdN7kW1IACVwX
                                                                                                                                                                                                            MD5:59D60A559C23202BEB622021AF29E8A9
                                                                                                                                                                                                            SHA1:A405F23916833F1B882F37BDBBA2DD799F93EA32
                                                                                                                                                                                                            SHA-256:706D4A0C26DD454538926CBB2FF6C64257C3D9BD48C956F7CABD6DEF36FFD13E
                                                                                                                                                                                                            SHA-512:2F60E79603CF456B2A14B8254CEC75CE8BE0A28D55A874D4FB23D92D63BBE781ED823AB0F4D13A23DC60C4DF505CBF1DBE1A0A2049B02E4BDEC8D374898002B1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):182784
                                                                                                                                                                                                            Entropy (8bit):6.193615170968096
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:YRAMUp3K6YoDssyudy4VcRG+nR3hnW3mjwwOdkS9S7iSSTLkK/jftw3buz:Y6MyK65ssy+MG+LnSUwjD9zSSTLL/jl8
                                                                                                                                                                                                            MD5:0572B13646141D0B1A5718E35549577C
                                                                                                                                                                                                            SHA1:EEB40363C1F456C1C612D3C7E4923210EAE4CDF7
                                                                                                                                                                                                            SHA-256:D8A76D1E31BBD62A482DEA9115FC1A109CB39AF4CF6D1323409175F3C93113A7
                                                                                                                                                                                                            SHA-512:67C28432CA8B389ACC26E47EB8C4977FDDD4AF9214819F89DF07FECBC8ED750D5F35807A1B195508DD1D77E2A7A9D7265049DCFBFE7665A7FD1BA45DA1E4E842
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):125208
                                                                                                                                                                                                            Entropy (8bit):6.128664719423826
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:DGR936Xz4mHFK0K+bRFOoP+Szlf/EZZBKYyucV6rOoZIALPEA:qQHLK+bvvPNhf/Ei6CoX
                                                                                                                                                                                                            MD5:2A834C3738742D45C0A06D40221CC588
                                                                                                                                                                                                            SHA1:606705A593631D6767467FB38F9300D7CD04AB3E
                                                                                                                                                                                                            SHA-256:F20DFA748B878751EA1C4FE77A230D65212720652B99C4E5577BCE461BBD9089
                                                                                                                                                                                                            SHA-512:924235A506CE4D635FA7C2B34E5D8E77EFF73F963E58E29C6EF89DB157BF7BAB587678BB2120D09DA70594926D82D87DBAA5D247E861E331CF591D45EA19A117
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):252696
                                                                                                                                                                                                            Entropy (8bit):6.564448148079112
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:Agvd9YyMipyD41q8xDiw9qWM53pLW1AQRRRrBoZtcr3:AQ8yryD47hix4orcr3
                                                                                                                                                                                                            MD5:F930B7550574446A015BC602D59B0948
                                                                                                                                                                                                            SHA1:4EE6FF8019C6C540525BDD2790FC76385CDD6186
                                                                                                                                                                                                            SHA-256:3B9AD1D2BC9EC03D37DA86135853DAC73B3FE851B164FE52265564A81EB8C544
                                                                                                                                                                                                            SHA-512:10B864975945D6504433554F9FF11B47218CAA00F809C6BCE00F9E4089B862190A4219F659697A4BA5E5C21EDBE1D8D325950921E09371ACC4410469BD9189EE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):65816
                                                                                                                                                                                                            Entropy (8bit):6.242741772115205
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:MElYij3wz91lBafLEmIRhtIAOIW7SybpxC:hYZBaTEmghtIAOIWE
                                                                                                                                                                                                            MD5:B0262BD89A59A3699BFA75C4DCC3EE06
                                                                                                                                                                                                            SHA1:EB658849C646A26572DEA7F6BFC042CB62FB49DC
                                                                                                                                                                                                            SHA-256:4ADFBBD6366D9B55D902FC54D2B42E7C8C989A83016ED707BD7A302FC3FC7B67
                                                                                                                                                                                                            SHA-512:2E4B214DE3B306E3A16124AF434FF8F5AB832AA3EEB1AA0AA9B49B0ADA0928DCBB05C57909292FBE3B01126F4CD3FE0DAC9CC15EAEA5F3844D6E267865B9F7B1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):159512
                                                                                                                                                                                                            Entropy (8bit):6.846323229710623
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:Fik7me1FFD+znfF9mNo+Mu6tmxzE41IAZ1Ak:FikSiUNYO+J1E4b
                                                                                                                                                                                                            MD5:B71DBE0F137FFBDA6C3A89D5BCBF1017
                                                                                                                                                                                                            SHA1:A2E2BDC40FDB83CC625C5B5E8A336CA3F0C29C5F
                                                                                                                                                                                                            SHA-256:6216173194B29875E84963CD4DC4752F7CA9493F5B1FD7E4130CA0E411C8AC6A
                                                                                                                                                                                                            SHA-512:9A5C7B1E25D8E1B5738F01AEDFD468C1837F1AC8DD4A5B1D24CE86DCAE0DB1C5B20F2FF4280960BC523AEE70B71DB54FD515047CDAF10D21A8BEC3EBD6663358
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):35096
                                                                                                                                                                                                            Entropy (8bit):6.461229529356597
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:OgYvrenSE0PXxxQ0zi+mdIAWtd5YiSyviCAMxkEj:vYTQShxQ0zlmdIAWtD7SyKAxv
                                                                                                                                                                                                            MD5:4CCBD87D76AF221F24221530F5F035D1
                                                                                                                                                                                                            SHA1:D02B989AAAC7657E8B3A70A6EE7758A0B258851B
                                                                                                                                                                                                            SHA-256:C7BBCFE2511FD1B71B916A22AD6537D60948FFA7BDE207FEFABEE84EF53CAFB5
                                                                                                                                                                                                            SHA-512:34D808ADAC96A66CA434D209F2F151A9640B359B8419DC51BA24477E485685AF10C4596A398A85269E8F03F0FC533645907D7D854733750A35BF6C691DE37799
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):55576
                                                                                                                                                                                                            Entropy (8bit):6.342203411267264
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:wXRnts3McbN6w/xzWssXZdR1r3RIAXtI7SyNxQ:IRvcsXZdR1rRIAXtI6
                                                                                                                                                                                                            MD5:61193E813A61A545E2D366439C1EE22A
                                                                                                                                                                                                            SHA1:F404447B0D9BFF49A7431C41653633C501986D60
                                                                                                                                                                                                            SHA-256:C21B50A7BF9DBE1A0768F5030CAC378D58705A9FE1F08D953129332BEB0FBEFC
                                                                                                                                                                                                            SHA-512:747E4D5EA1BDF8C1E808579498834E1C24641D434546BFFDFCF326E0DE8D5814504623A3D3729168B0098824C2B8929AFC339674B0D923388B9DAC66F5D9D996
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):32536
                                                                                                                                                                                                            Entropy (8bit):6.4674944702653665
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:0k+cae6rjp5MoNOfZIAQUM5YiSyvjAMxkEKu:5vSjgoNOfZIAQU27SyLxv
                                                                                                                                                                                                            MD5:F3ECA4F0B2C6C17ACE348E06042981A4
                                                                                                                                                                                                            SHA1:EB694DDA8FF2FE4CCAE876DC0515A8EFEC40E20E
                                                                                                                                                                                                            SHA-256:FB57EE6ADF6E7B11451B6920DDD2FB943DCD9561C9EAE64FDDA27C7ED0BC1B04
                                                                                                                                                                                                            SHA-512:604593460666045CA48F63D4B14FA250F9C4B9E5C7E228CC9202E7692C125AACB0018B89FAA562A4197692A9BC3D2382F9E085B305272EE0A39264A2A0F53B75
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):83224
                                                                                                                                                                                                            Entropy (8bit):6.338326324626716
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:MUuhDLiJfz76Xl+1ly+uCt9/s+S+pzcHS58/n1IsJHfsZIALwqw7Syraxi:MU6DL4fHdy+uCt9/sT+pzuSQ1IwHfsZS
                                                                                                                                                                                                            MD5:9C6283CC17F9D86106B706EC4EA77356
                                                                                                                                                                                                            SHA1:AF4F2F52CE6122F340E5EA1F021F98B1FFD6D5B6
                                                                                                                                                                                                            SHA-256:5CC62AAC52EDF87916DEB4EBBAD9ABB58A6A3565B32E7544F672ACA305C38027
                                                                                                                                                                                                            SHA-512:11FD6F570DD78F8FF00BE645E47472A96DAFFA3253E8BD29183BCCDE3F0746F7E436A106E9A68C57CC05B80A112365441D06CC719D51C906703B428A32C93124
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):177432
                                                                                                                                                                                                            Entropy (8bit):5.976892131161338
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:1CRW4ljuyKK8vZktW5No6XfJN54eNWXvM4VRJNI7IM/cbP7RHs3FJZ1IAC7+y:1mfEyKKaZo6XfJ2MSV+JZW
                                                                                                                                                                                                            MD5:DDB21BD1ACDE4264754C49842DE7EBC9
                                                                                                                                                                                                            SHA1:80252D0E35568E68DED68242D76F2A5D7E00001E
                                                                                                                                                                                                            SHA-256:72BB15CD8C14BA008A52D23CDCFC851A9A4BDE13DEEE302A5667C8AD60F94A57
                                                                                                                                                                                                            SHA-512:464520ECD1587F5CEDE6219FAAC2C903EE41D0E920BF3C9C270A544B040169DCD17A4E27F6826F480D4021077AB39A6CBBD35EBB3D71672EBB412023BC9E182A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):36632
                                                                                                                                                                                                            Entropy (8bit):6.357254511176439
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:6cxnHG7MYGQd0hHdzA77yeu1IACis5YiSyvoAMxkE9:6cxnm7M6dAHdzA77yeu1IACiW7Sy+xx
                                                                                                                                                                                                            MD5:C1654EBEBFEEDA425EADE8B77CA96DE5
                                                                                                                                                                                                            SHA1:A4A150F1C810077B6E762F689C657227CC4FD257
                                                                                                                                                                                                            SHA-256:AA1443A715FBF84A84F39BD89707271FC11A77B597D7324CE86FC5CFA56A63A9
                                                                                                                                                                                                            SHA-512:21705B991E75EFD5E59B8431A3B19AE5FCC38A3E7F137A9D52ACD24E7F67D61758E48ABC1C9C0D4314FA02010A1886C15EAD5BCA8DCA1B1D4CCBFC3C589D342E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1332263
                                                                                                                                                                                                            Entropy (8bit):5.5864610174712706
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:uttcY+bStOmgRF1+fYNXPh26UZWAzCu7joqYnhjtgkV+dmmPHHz1dF6sF7aYcea:uttcY+UHCiCAd+mq+dmmPnz4waYcea
                                                                                                                                                                                                            MD5:0CD72BCBFCA52707A1FD52F6038B6020
                                                                                                                                                                                                            SHA1:BBEA1763F250143804905F719D88ED2710C23DB3
                                                                                                                                                                                                            SHA-256:66FD3CE5401FEAC826504CEB1BBF3AF3E8B41702BBA03A6C91289DF59228C368
                                                                                                                                                                                                            SHA-512:4FB8F17EA900B243BCD1042E5300238E7D1B03FA2B74E3F4FFABA9B6A181BF6F81A6903B816BA524B9AFB78586A9C6167ACC4071CF009ED5FF4EF295B06FB96B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):292541
                                                                                                                                                                                                            Entropy (8bit):6.048162209044241
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/Q5MSRqNb7d8iu5NF:QWb/TRJLWURrI55MWavdF0D
                                                                                                                                                                                                            MD5:D3E74C9D33719C8AB162BAA4AE743B27
                                                                                                                                                                                                            SHA1:EE32F2CCD4BC56CA68441A02BF33E32DC6205C2B
                                                                                                                                                                                                            SHA-256:7A347CA8FEF6E29F82B6E4785355A6635C17FA755E0940F65F15AA8FC7BD7F92
                                                                                                                                                                                                            SHA-512:E0FB35D6901A6DEBBF48A0655E2AA1040700EB5166E732AE2617E89EF5E6869E8DDD5C7875FA83F31D447D4ABC3DB14BFFD29600C9AF725D9B03F03363469B4C
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):10752
                                                                                                                                                                                                            Entropy (8bit):4.817893239381772
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:MRv9XFCk2z1/t12iwU5usJFcCyD9cqgE:aVVC5djuUFJKtgE
                                                                                                                                                                                                            MD5:71D96F1DBFCD6F767D81F8254E572751
                                                                                                                                                                                                            SHA1:E70B74430500ED5117547E0CD339D6E6F4613503
                                                                                                                                                                                                            SHA-256:611E1B4B9ED6788640F550771744D83E404432830BB8E3063F0B8EC3B98911AF
                                                                                                                                                                                                            SHA-512:7B10E13B3723DB0E826B7C7A52090DE999626D5FA6C8F9B4630FDEEF515A58C40660FA90589532A6D4377F003B3CB5B9851E276A0B3C83B9709E28E6A66A1D32
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):124928
                                                                                                                                                                                                            Entropy (8bit):5.935676608756784
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:1536:BETt3OiaqGB7QNX6Pq4a461TDqFRgMzrOH+d3gdy2iIeP/j3bhouROm:Bmt+is7QNqP1ab1TGb9g/iI4bhouROm
                                                                                                                                                                                                            MD5:D8F690EAE02332A6898E9C8B983C56DD
                                                                                                                                                                                                            SHA1:112C1FE25E0D948F767E02F291801C0E4AE592F0
                                                                                                                                                                                                            SHA-256:C6BB8CAD80B8D7847C52931F11D73BA64F78615218398B2C058F9B218FF21CA9
                                                                                                                                                                                                            SHA-512:E732F79F39BA9721CC59DBE8C4785FFD74DF84CA00D13D72AFA3F96B97B8C7ADF4EA9344D79EE2A1C77D58EF28D3DDCC855F3CB13EDDA928C17B1158ABCC5B4A
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5724
                                                                                                                                                                                                            Entropy (8bit):5.120429897887076
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:DlkQIUQIhQIKQILbQIRIaMPktjaVMxsxA2ncEvGDfe0HEdwGArNZG0JQTQCQx5Kw:dcPuPwsrcEvGDfe0HENA5w0JQTQ9x59H
                                                                                                                                                                                                            MD5:526D9AC9D8150602EC9ED8B9F4DE7102
                                                                                                                                                                                                            SHA1:DBA2CB32C21C4B0F575E77BBCDD4FA468056F5E3
                                                                                                                                                                                                            SHA-256:D95F491ED418DC302DB03804DAF9335CE21B2DF4704587E6851EF03E1F84D895
                                                                                                                                                                                                            SHA-512:FB13A2F6B64CB7E380A69424D484FC9B8758FA316A7A155FF062BFDACDCA8F2C5D2A03898CD099688B1C16A5A0EDCECFC42BF0D4D330926B10C3FCE9F5238643
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Metadata-Version: 2.3.Name: cryptography.Version: 44.0.0.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):16380
                                                                                                                                                                                                            Entropy (8bit):5.587009861664839
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:hXr12s/l45jEVeK+VqhXJZ4WJJ6sf7B0PpzIq+NX6ih5VFUqq8q:hXplMEVdhJrJJ6sf7B0Ppz/+96ihu8q
                                                                                                                                                                                                            MD5:A53742D3EE69CAE1FD8BDEDAC05BB828
                                                                                                                                                                                                            SHA1:02BC360839FEB54E58E14D410266652DCB718353
                                                                                                                                                                                                            SHA-256:9518E7D9DA0F889F568F800E1A4ADC0686234DC9D9934A46F78FFB5E6C351A98
                                                                                                                                                                                                            SHA-512:C69C4D3ECA56D725E90F9F0C4B98071F4F92A3BC06A635CE0D6309976C750B20B3DA353EFED27F07712FF5E0C1A8114300004C8E2D2EE9155F31D856A3C6EE05
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:cryptography-44.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-44.0.0.dist-info/METADATA,sha256=2V9JHtQY3DAtsDgE2vkzXOIbLfRwRYfmhR7wPh-E2JU,5724..cryptography-44.0.0.dist-info/RECORD,,..cryptography-44.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..cryptography-44.0.0.dist-info/WHEEL,sha256=Hn9bytZpOGoR6M4U5xUTHC1AJpPD9B1xPrM4STxljEU,94..cryptography-44.0.0.dist-info/licenses/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-44.0.0.dist-info/licenses/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-44.0.0.dist-info/licenses/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=fcUqF1IcadxBSH0us1vCvob0OJOrPV3h30yZD8wsHo4,445..cryptography/__init__.py,sha256=XsRL_PxbU6UgoyoglAgJQSrJCP97ovBA8YIEQ2-uI68,762..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__init__.cpython-312
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):94
                                                                                                                                                                                                            Entropy (8bit):5.0373614967294325
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:RtEeX5pG6vhP+tkKciH/KQb:RtvoKWKTQb
                                                                                                                                                                                                            MD5:A868F93FCF51C4F1C25658D54F994349
                                                                                                                                                                                                            SHA1:535C88A10911673DEABB7889D365E81729E483A6
                                                                                                                                                                                                            SHA-256:1E7F5BCAD669386A11E8CE14E715131C2D402693C3F41D713EB338493C658C45
                                                                                                                                                                                                            SHA-512:EC13CAC9DF03676640EF5DA033E8C2FAEE63916F27CC27B9C43F0824B98AB4A6ECB4C8D7D039FA6674EF189BDD9265C8ED509C1D80DFF610AEB9E081093AEB3D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: maturin (1.7.5).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):197
                                                                                                                                                                                                            Entropy (8bit):4.61968998873571
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                                            MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                                            SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                                            SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                                            SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11360
                                                                                                                                                                                                            Entropy (8bit):4.426756947907149
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                                            MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                                            SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                                            SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                                            SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1532
                                                                                                                                                                                                            Entropy (8bit):5.058591167088024
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                                            MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                                            SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                                            SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                                            SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):8292864
                                                                                                                                                                                                            Entropy (8bit):6.493076254122072
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:98304:Y4sf3zg+qUuQdPJMqYLSxuBLZqwt0kDO+5+O:cdeqYLSxuBLZrGjq+
                                                                                                                                                                                                            MD5:34293B976DA366D83C12D8EE05DE7B03
                                                                                                                                                                                                            SHA1:82B8EB434C26FCC3A5D9673C9B93663C0FF9BF15
                                                                                                                                                                                                            SHA-256:A2285C3F2F7E63BA8A17AB5D0A302740E6ADF7E608E0707A7737C1EC3BD8CECC
                                                                                                                                                                                                            SHA-512:0807EC7515186F0A989BB667150A84FF3BEBCC248625597BA0BE3C6F07AD60D70CF8A3F65191436EC16042F446D4248BF92FCD02212E459405948DB10F078B8E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):5191960
                                                                                                                                                                                                            Entropy (8bit):5.962142634441191
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:98304:n3+pefu6fSar+SJ8aqfPomg1CPwDvt3uFlDCE:3G+u6fb+SJ8aqfwmg1CPwDvt3uFlDCE
                                                                                                                                                                                                            MD5:E547CF6D296A88F5B1C352C116DF7C0C
                                                                                                                                                                                                            SHA1:CAFA14E0367F7C13AD140FD556F10F320A039783
                                                                                                                                                                                                            SHA-256:05FE080EAB7FC535C51E10C1BD76A2F3E6217F9C91A25034774588881C3F99DE
                                                                                                                                                                                                            SHA-512:9F42EDF04C7AF350A00FA4FDF92B8E2E6F47AB9D2D41491985B20CD0ADDE4F694253399F6A88F4BDD765C4F49792F25FB01E84EC03FD5D0BE8BB61773D77D74D
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):39696
                                                                                                                                                                                                            Entropy (8bit):6.641880464695502
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:NiQfxQemQJNrPN+moyijAc5YiSyvkIPxWEqG:dfxIQvPkmoyijP7SytPxF
                                                                                                                                                                                                            MD5:0F8E4992CA92BAAF54CC0B43AACCCE21
                                                                                                                                                                                                            SHA1:C7300975DF267B1D6ADCBAC0AC93FD7B1AB49BD2
                                                                                                                                                                                                            SHA-256:EFF52743773EB550FCC6CE3EFC37C85724502233B6B002A35496D828BD7B280A
                                                                                                                                                                                                            SHA-512:6E1B223462DC124279BFCA74FD2C66FE18B368FFBCA540C84E82E0F5BCBEA0E10CC243975574FA95ACE437B9D8B03A446ED5EE0C9B1B094147CEFAF704DFE978
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):787224
                                                                                                                                                                                                            Entropy (8bit):5.609561366841894
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:ytPc2nnGoNg4kSHoxX09yO5EavUFe9Xb12:y9jnnpTHoxXUsFe9XbM
                                                                                                                                                                                                            MD5:19A2ABA25456181D5FB572D88AC0E73E
                                                                                                                                                                                                            SHA1:656CA8CDFC9C3A6379536E2027E93408851483DB
                                                                                                                                                                                                            SHA-256:2E9FBCD8F7FDC13A5179533239811456554F2B3AA2FB10E1B17BE0DF81C79006
                                                                                                                                                                                                            SHA-512:DF17DC8A882363A6C5A1B78BA3CF448437D1118CCC4A6275CC7681551B13C1A4E0F94E30FFB94C3530B688B62BFF1C03E57C2C185A7DF2BF3E5737A06E114337
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):199448
                                                                                                                                                                                                            Entropy (8bit):6.385263095268062
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3072:gP9/HQAYp/8IdzL37lqrEJesY7p7Ndrjt8HWcFwUT6ZIALhNn6:opFYp/vdzL3pqrEJ2xDrJ8DdT6A
                                                                                                                                                                                                            MD5:F179C9BDD86A2A218A5BF9F0F1CF6CD9
                                                                                                                                                                                                            SHA1:4544FB23D56CC76338E7F71F12F58C5FE89D0D76
                                                                                                                                                                                                            SHA-256:C42874E2CF034FB5034F0BE35F7592B8A96E8903218DA42E6650C504A85B37CC
                                                                                                                                                                                                            SHA-512:3464ECE5C6A0E95EF6136897B70A96C69E552D28BFEDD266F13EEC840E36EC2286A1FB8973B212317DE6FE3E93D7D7CC782EB6FC3D6A2A8F006B34F6443498DE
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):68376
                                                                                                                                                                                                            Entropy (8bit):6.14896460878624
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:768:LV1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/u:LDmF61JFn+/OHZIAL0R7SyHxy
                                                                                                                                                                                                            MD5:6271A2FE61978CA93E60588B6B63DEB2
                                                                                                                                                                                                            SHA1:BE26455750789083865FE91E2B7A1BA1B457EFB8
                                                                                                                                                                                                            SHA-256:A59487EA2C8723277F4579067248836B216A801C2152EFB19AFEE4AC9785D6FB
                                                                                                                                                                                                            SHA-512:8C32BCB500A94FF47F5EF476AE65D3B677938EBEE26E80350F28604AAEE20B044A5D55442E94A11CCD9962F34D22610B932AC9D328197CF4D2FFBC7DF640EFBA
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):7009048
                                                                                                                                                                                                            Entropy (8bit):5.7826778751744685
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:49152:mz0oCxOqKWneF3o1VLCClOTNRpaOviXEYWyb3eOYTvuFsx/iac84YNFXiTlv5WF4:mooCcqKLHX+az2Ro8Kv7HDMiEB/
                                                                                                                                                                                                            MD5:550288A078DFFC3430C08DA888E70810
                                                                                                                                                                                                            SHA1:01B1D31F37FB3FD81D893CC5E4A258E976F5884F
                                                                                                                                                                                                            SHA-256:789A42AC160CEF98F8925CB347473EEEB4E70F5513242E7FABA5139BA06EDF2D
                                                                                                                                                                                                            SHA-512:7244432FC3716F7EF27630D4E8FBC8180A2542AA97A01D44DCA260AB43966DD8AC98B6023400B0478A4809AACE1A128F1F4D6E544F2E591A5B436FD4C8A9D723
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):30488
                                                                                                                                                                                                            Entropy (8bit):6.582548725691534
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:384:b9yLTFInPLnIdHqp3DT90IZIAQGyHQIYiSy1pCQ273bAM+o/8E9VF0Nypyn4:6inzUHqN1rZIAQGo5YiSyvUrAMxkEjh
                                                                                                                                                                                                            MD5:8A273F518973801F3C63D92AD726EC03
                                                                                                                                                                                                            SHA1:069FC26B9BD0F6EA3F9B3821AD7C812FD94B021F
                                                                                                                                                                                                            SHA-256:AF358285A7450DE6E2E5E7FF074F964D6A257FB41D9EB750146E03C7DDA503CA
                                                                                                                                                                                                            SHA-512:7FEDAE0573ECB3946EDE7D0B809A98ACAD3D4C95D6C531A40E51A31BDB035BADC9F416D8AAA26463784FF2C5E7A0CC2C793D62B5FDB2B8E9FAD357F93D3A65F8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):11358
                                                                                                                                                                                                            Entropy (8bit):4.4267168336581415
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                                            MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                                            SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                                            SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                                            SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4648
                                                                                                                                                                                                            Entropy (8bit):5.006900644756252
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                                            MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                                            SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                                            SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                                            SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2518
                                                                                                                                                                                                            Entropy (8bit):5.6307766747793275
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                                            MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                                            SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                                            SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                                            SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):91
                                                                                                                                                                                                            Entropy (8bit):4.687870576189661
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                                            MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                                            SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                                            SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                                            SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):19
                                                                                                                                                                                                            Entropy (8bit):3.536886723742169
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                                            MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                                            SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                                            SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                                            SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:importlib_metadata.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1335
                                                                                                                                                                                                            Entropy (8bit):4.226823573023539
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                                            MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                                            SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                                            SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                                            SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4
                                                                                                                                                                                                            Entropy (8bit):1.5
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:Mn:M
                                                                                                                                                                                                            MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                                            SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                                            SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                                            SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:pip.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1107
                                                                                                                                                                                                            Entropy (8bit):5.115074330424529
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                                            MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                                            SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                                            SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                                            SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:Unicode text, UTF-8 text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):2153
                                                                                                                                                                                                            Entropy (8bit):5.088249746074878
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                                            MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                                            SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                                            SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                                            SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:CSV text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):4557
                                                                                                                                                                                                            Entropy (8bit):5.714200636114494
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                                            MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                                            SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                                            SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                                            SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):81
                                                                                                                                                                                                            Entropy (8bit):4.672346887071811
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                                            MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                                            SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                                            SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                                            SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:ASCII text
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):104
                                                                                                                                                                                                            Entropy (8bit):4.271713330022269
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                                            MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                                            SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                                            SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                                            SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..
                                                                                                                                                                                                            Process:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                            Size (bytes):1137944
                                                                                                                                                                                                            Entropy (8bit):5.462202215180296
                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                            SSDEEP:12288:hrEHdcM6hbFCjJ43w9hIpCQvb0QN8MdIEQ+U2BNNmD+99FfciFt:hrEXYCjfk7bPNfv42BN6yzUiFt
                                                                                                                                                                                                            MD5:04F35D7EEC1F6B72BAB9DAF330FD0D6B
                                                                                                                                                                                                            SHA1:ECF0C25BA7ADF7624109E2720F2B5930CD2DBA65
                                                                                                                                                                                                            SHA-256:BE942308D99CC954931FE6F48ED8CC7A57891CCBE99AAE728121BCDA1FD929AB
                                                                                                                                                                                                            SHA-512:3DA405E4C1371F4B265E744229DCC149491A112A2B7EA8E518D5945F8C259CAD15583F25592B35EC8A344E43007AE00DA9673822635EE734D32664F65C9C8D9B
                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                            File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                                            Entropy (8bit):7.994341682368462
                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                            • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                                            • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                            File name:rvigVjH6wf.exe
                                                                                                                                                                                                            File size:15'923'171 bytes
                                                                                                                                                                                                            MD5:f80d7f221e494eddecbce2a160890733
                                                                                                                                                                                                            SHA1:070e5a6c99c70b67e73f24d3acbb78043038197c
                                                                                                                                                                                                            SHA256:b11f05236edbf4da040010b62b4c16cd4c7c0c3e6218bcd29170922973b94099
                                                                                                                                                                                                            SHA512:b742a97ad7bd31b7b90154ea028371eb35a937e24cb5171b2f3938fea60988cfdeb645836035e789233776b3b4e3fe062ba59ffa6ba46af9b8c5c93a7f470a4a
                                                                                                                                                                                                            SSDEEP:393216:9hKRagG8niwq3Obs2ClJ1+TtIiFGuvB5IjWqczLJAwQfa:9hTGiwq3ObRqJ1QtIZS3ILaJXQfa
                                                                                                                                                                                                            TLSH:23F63341A6F358EFC6F1633B86628556AF62AF951773C68F03782290DF472C34D32A61
                                                                                                                                                                                                            Icon Hash:391d8c069399743a
                                                                                                                                                                                                            Entrypoint:0x14000ce20
                                                                                                                                                                                                            Entrypoint Section:.text
                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                            Imagebase:0x140000000
                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                            DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                            Time Stamp:0x675C136F [Fri Dec 13 10:58:55 2024 UTC]
                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                            OS Version Major:6
                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                            File Version Major:6
                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                            Subsystem Version Major:6
                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                            Import Hash:72c4e339b7af8ab1ed2eb3821c98713a
                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                            call 00007FB695143D42h
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3ca34 | 0x78 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x47000 | 0xeeb8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x44000 | 0x2238 | .pdata
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x56000 | 0x764 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x3a080 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x39f40 | 0x140 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b000 | 0x4a0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x29f70 | 0x2a000 | b8c3814c5fb0b18492ad4ec2ffe0830a | False | 0.5518740699404762 | data | 6.489205819736506 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x2b000 | 0x12a28 | 0x12c00 | 48cc631206afa5888622b984f64b975b | False | 0.5242838541666667 | data | 5.750745328384593 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x3e000 | 0x53f8 | 0xe00 | dba0caeecab624a0ccc0d577241601d1 | False | 0.134765625 | data | 1.8392217063172436 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata | 0x44000 | 0x2238 | 0x2400 | 9cd1eac931545f28ab09329f8bfce843 | False | 0.4697265625 | data | 5.2645170849678795 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x47000 | 0xeeb8 | 0xf000 | 84086ada0a1865a4173ecccf4a690c02 | False | 0.038167317708333336 | data | 2.343477032023029 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x56000 | 0x764 | 0x800 | 816c68eeb419ee2c08656c31c06a0fff | False | 0.5576171875 | data | 5.2809528666624175 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0x470e8 | 0xe8ac | Device independent bitmap graphic, 225 x 450 x 8, image size 51300, 256 important colors | | | 0.024964743804982877
RT_GROUP_ICON | 0x55994 | 0x14 | data | | | 1.15
RT_MANIFEST | 0x559a8 | 0x50d | XML 1.0 document, ASCII text | | | 0.4694508894044857
DLL | Import
USER32.dll | CreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
COMCTL32.dll |
KERNEL32.dll | GetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
ADVAPI32.dll | OpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
GDI32.dll | SelectObject, DeleteObject, CreateFontIndirectW
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 18, 2024 08:50:28.114063978 CET | 49731 | 3000 | 192.168.2.4 | 130.193.51.109
Dec 18, 2024 08:50:28.233715057 CET | 3000 | 49731 | 130.193.51.109 | 192.168.2.4
Dec 18, 2024 08:50:28.233860016 CET | 49731 | 3000 | 192.168.2.4 | 130.193.51.109
Dec 18, 2024 08:50:28.234040976 CET | 49731 | 3000 | 192.168.2.4 | 130.193.51.109
Dec 18, 2024 08:50:28.234091997 CET | 49731 | 3000 | 192.168.2.4 | 130.193.51.109
Dec 18, 2024 08:50:28.353697062 CET | 3000 | 49731 | 130.193.51.109 | 192.168.2.4
Dec 18, 2024 08:50:28.353756905 CET | 3000 | 49731 | 130.193.51.109 | 192.168.2.4
Dec 18, 2024 08:50:30.502471924 CET | 3000 | 49731 | 130.193.51.109 | 192.168.2.4
Dec 18, 2024 08:50:30.502532005 CET | 49731 | 3000 | 192.168.2.4 | 130.193.51.109
Dec 18, 2024 08:50:30.502691031 CET | 49731 | 3000 | 192.168.2.4 | 130.193.51.109
Dec 18, 2024 08:50:30.622185946 CET | 3000 | 49731 | 130.193.51.109 | 192.168.2.4
                                                                                                                                                                                                            • 130.193.51.109:3000
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49731 | 130.193.51.109 | 3000 | 4908 | C:\Users\user\Desktop\rvigVjH6wf.exe

Timestamp | Bytes transferred | Direction | Data
Dec 18, 2024 08:50:28.234040976 CET | 216 | OUT | POST /receive_info HTTP/1.1
Host: 130.193.51.109:3000
User-Agent: python-requests/2.32.3
Accept-Encoding: gzip, deflate
Accept: */*
Connection: keep-alive
Content-Length: 177
Content-Type: application/json


                                                                                                                                                                                                            Target ID:0
                                                                                                                                                                                                            Start time:02:50:13
                                                                                                                                                                                                            Start date:18/12/2024
                                                                                                                                                                                                            Path:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\rvigVjH6wf.exe"
                                                                                                                                                                                                            Imagebase:0x7ff6b89c0000
                                                                                                                                                                                                            File size:15'923'171 bytes
                                                                                                                                                                                                            MD5 hash:F80D7F221E494EDDECBCE2A160890733
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                            Target ID:1
                                                                                                                                                                                                            Start time:02:50:17
                                                                                                                                                                                                            Start date:18/12/2024
                                                                                                                                                                                                            Path:C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                            Commandline:"C:\Users\user\Desktop\rvigVjH6wf.exe"
                                                                                                                                                                                                            Imagebase:0x7ff6b89c0000
                                                                                                                                                                                                            File size:15'923'171 bytes
                                                                                                                                                                                                            MD5 hash:F80D7F221E494EDDECBCE2A160890733
                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                            Reputation:low
                                                                                                                                                                                                            Has exited:false

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:9.4%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:20.1%
                                                                                                                                                                                                              Total number of Nodes:2000
                                                                                                                                                                                                              Total number of Limit Nodes:31
19081 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19078->19081 19080 7ff6b89e0fab 19079->19080 19082 7ff6b89e0cea 19079->19082 19083 7ff6b89d4f78 _get_daylight 11 API calls 19080->19083 19081->19064 19084 7ff6b89e0d07 19082->19084 19227 7ff6b89e10dc 19082->19227 19085 7ff6b89e0fb0 19083->19085 19088 7ff6b89e0d7b 19084->19088 19090 7ff6b89e0d2f 19084->19090 19095 7ff6b89e0d6f 19084->19095 19087 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19085->19087 19087->19101 19092 7ff6b89e0da3 19088->19092 19096 7ff6b89dec08 _get_daylight 11 API calls 19088->19096 19112 7ff6b89e0d3e 19088->19112 19089 7ff6b89e0e2e 19100 7ff6b89e0e4b 19089->19100 19109 7ff6b89e0e9e 19089->19109 19242 7ff6b89d976c 19090->19242 19092->19095 19098 7ff6b89dec08 _get_daylight 11 API calls 19092->19098 19092->19112 19094 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19094->19101 19095->19089 19095->19112 19248 7ff6b89e705c 19095->19248 19102 7ff6b89e0d95 19096->19102 19099 7ff6b89e0dc5 19098->19099 19105 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19099->19105 19106 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19100->19106 19107 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19102->19107 19103 7ff6b89e0d57 19103->19095 19111 7ff6b89e10dc 45 API calls 19103->19111 19104 7ff6b89e0d39 19108 7ff6b89d4f78 _get_daylight 11 API calls 19104->19108 19105->19095 19110 7ff6b89e0e54 19106->19110 19107->19092 19108->19112 19109->19112 19113 7ff6b89e344c 40 API calls 19109->19113 19116 7ff6b89e344c 40 API calls 19110->19116 19119 7ff6b89e0e5a 19110->19119 19111->19095 19112->19094 19114 7ff6b89e0edc 19113->19114 19115 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19114->19115 19117 7ff6b89e0ee6 19115->19117 19120 7ff6b89e0e86 19116->19120 19117->19112 19117->19119 19118 7ff6b89e0f9f 19122 7ff6b89da9b8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19118->19122 19119->19118 19123 7ff6b89dec08 _get_daylight 11 API calls 19119->19123 19121 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19120->19121 19121->19119 19122->19101 19124 7ff6b89e0f2b 19123->19124 19125 7ff6b89e0f33 19124->19125 19126 7ff6b89e0f3c 19124->19126 19128 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19125->19128 19127 7ff6b89e04e4 37 API calls 19126->19127 19129 7ff6b89e0f4a 19127->19129 19130 7ff6b89e0f3a 19128->19130 19131 7ff6b89e0f52 SetEnvironmentVariableW 19129->19131 19132 7ff6b89e0fdf 19129->19132 19136 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19130->19136 19133 7ff6b89e0f97 19131->19133 19134 7ff6b89e0f76 19131->19134 19135 7ff6b89da970 _isindst 17 API calls 19132->19135 19139 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19133->19139 19137 7ff6b89d4f78 _get_daylight 11 API calls 19134->19137 19138 7ff6b89e0ff3 19135->19138 19136->19101 19140 7ff6b89e0f7b 19137->19140 19139->19118 19141 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19140->19141 19141->19130 19143 7ff6b89e1029 19142->19143 19150 7ff6b89e1011 19142->19150 19144 7ff6b89dec08 _get_daylight 11 API calls 19143->19144 19145 7ff6b89e104d 19144->19145 19147 7ff6b89e10ae 19145->19147 19151 7ff6b89dec08 _get_daylight 11 API calls 19145->19151 19152 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19145->19152 19153 7ff6b89da514 __std_exception_copy 37 API calls 19145->19153 19154 7ff6b89e10bd 19145->19154 19156 7ff6b89e10d2 19145->19156 19146 7ff6b89da574 __GetCurrentState 45 API calls 19148 7ff6b89e10d8 19146->19148 19149 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19147->19149 19149->19150 19150->19018 19151->19145 19152->19145 19153->19145 19155 7ff6b89da970 _isindst 17 API calls 19154->19155 19155->19156 
19156->19146 19158 7ff6b89d9740 19157->19158 19159 7ff6b89d9749 19157->19159 19158->19159 19272 7ff6b89d9208 19158->19272 19159->19033 19159->19034 19164 7ff6b89e62c4 19163->19164 19165 7ff6b89e71a9 19163->19165 19166 7ff6b89e62d1 19164->19166 19171 7ff6b89e6307 19164->19171 19167 7ff6b89d4fbc 45 API calls 19165->19167 19169 7ff6b89d4f78 _get_daylight 11 API calls 19166->19169 19183 7ff6b89e6278 19166->19183 19168 7ff6b89e71dd 19167->19168 19172 7ff6b89e71e2 19168->19172 19177 7ff6b89e71f3 19168->19177 19180 7ff6b89e720a 19168->19180 19173 7ff6b89e62db 19169->19173 19170 7ff6b89e6331 19174 7ff6b89d4f78 _get_daylight 11 API calls 19170->19174 19171->19170 19176 7ff6b89e6356 19171->19176 19172->19028 19178 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19173->19178 19175 7ff6b89e6336 19174->19175 19179 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19175->19179 19184 7ff6b89d4fbc 45 API calls 19176->19184 19191 7ff6b89e6341 19176->19191 19181 7ff6b89d4f78 _get_daylight 11 API calls 19177->19181 19182 7ff6b89e62e6 19178->19182 19179->19191 19186 7ff6b89e7214 19180->19186 19187 7ff6b89e7226 19180->19187 19185 7ff6b89e71f8 19181->19185 19182->19028 19183->19028 19184->19191 19192 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19185->19192 19188 7ff6b89d4f78 _get_daylight 11 API calls 19186->19188 19189 7ff6b89e724e 19187->19189 19190 7ff6b89e7237 19187->19190 19193 7ff6b89e7219 19188->19193 19513 7ff6b89e8fbc 19189->19513 19504 7ff6b89e6314 19190->19504 19191->19028 19192->19172 19196 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19193->19196 19196->19172 19198 7ff6b89d4f78 _get_daylight 11 API calls 19198->19172 19200 7ff6b89e346e 19199->19200 19201 7ff6b89e348b 19199->19201 19200->19201 19202 7ff6b89e347c 19200->19202 19203 7ff6b89e3495 19201->19203 19553 7ff6b89e7ca8 19201->19553 19204 7ff6b89d4f78 _get_daylight 11 API calls 19202->19204 19560 7ff6b89e7ce4 19203->19560 19207 7ff6b89e3481 memcpy_s 19204->19207 19207->19053 19209 7ff6b89d4fbc 45 
API calls 19208->19209 19210 7ff6b89e731a 19209->19210 19212 7ff6b89e7328 19210->19212 19572 7ff6b89def94 19210->19572 19575 7ff6b89d551c 19212->19575 19215 7ff6b89d4fbc 45 API calls 19217 7ff6b89e7397 19215->19217 19216 7ff6b89e7414 19218 7ff6b89e7425 19216->19218 19219 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19216->19219 19221 7ff6b89def94 5 API calls 19217->19221 19224 7ff6b89e73a0 19217->19224 19220 7ff6b89e0c13 19218->19220 19222 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19218->19222 19219->19218 19220->19072 19220->19073 19221->19224 19222->19220 19223 7ff6b89d551c 14 API calls 19225 7ff6b89e73fb 19223->19225 19224->19223 19225->19216 19226 7ff6b89e7403 SetEnvironmentVariableW 19225->19226 19226->19216 19228 7ff6b89e111c 19227->19228 19229 7ff6b89e10ff 19227->19229 19230 7ff6b89dec08 _get_daylight 11 API calls 19228->19230 19229->19084 19237 7ff6b89e1140 19230->19237 19231 7ff6b89e11c4 19233 7ff6b89da574 __GetCurrentState 45 API calls 19231->19233 19232 7ff6b89e11a1 19235 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19232->19235 19234 7ff6b89e11ca 19233->19234 19235->19229 19236 7ff6b89dec08 _get_daylight 11 API calls 19236->19237 19237->19231 19237->19232 19237->19236 19238 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19237->19238 19239 7ff6b89e04e4 37 API calls 19237->19239 19240 7ff6b89e11b0 19237->19240 19238->19237 19239->19237 19241 7ff6b89da970 _isindst 17 API calls 19240->19241 19241->19231 19243 7ff6b89d977c 19242->19243 19246 7ff6b89d9785 19242->19246 19243->19246 19597 7ff6b89d927c 19243->19597 19246->19103 19246->19104 19249 7ff6b89e7069 19248->19249 19252 7ff6b89e7096 19248->19252 19250 7ff6b89e706e 19249->19250 19249->19252 19251 7ff6b89d4f78 _get_daylight 11 API calls 19250->19251 19254 7ff6b89e7073 19251->19254 19253 7ff6b89e70da 19252->19253 19256 7ff6b89e70f9 19252->19256 19270 7ff6b89e70ce __crtLCMapStringW 
19252->19270 19255 7ff6b89d4f78 _get_daylight 11 API calls 19253->19255 19257 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19254->19257 19258 7ff6b89e70df 19255->19258 19259 7ff6b89e7103 19256->19259 19260 7ff6b89e7115 19256->19260 19261 7ff6b89e707e 19257->19261 19263 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19258->19263 19264 7ff6b89d4f78 _get_daylight 11 API calls 19259->19264 19262 7ff6b89d4fbc 45 API calls 19260->19262 19261->19095 19265 7ff6b89e7122 19262->19265 19263->19270 19266 7ff6b89e7108 19264->19266 19265->19270 19644 7ff6b89e8b78 19265->19644 19267 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19266->19267 19267->19270 19270->19095 19271 7ff6b89d4f78 _get_daylight 11 API calls 19271->19270 19273 7ff6b89d9221 19272->19273 19274 7ff6b89d921d 19272->19274 19295 7ff6b89e2660 19273->19295 19274->19159 19287 7ff6b89d955c 19274->19287 19279 7ff6b89d9233 19282 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19279->19282 19280 7ff6b89d923f 19321 7ff6b89d92ec 19280->19321 19282->19274 19284 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19285 7ff6b89d9266 19284->19285 19286 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19285->19286 19286->19274 19288 7ff6b89d9585 19287->19288 19293 7ff6b89d959e 19287->19293 19288->19159 19289 7ff6b89dec08 _get_daylight 11 API calls 19289->19293 19290 7ff6b89d962e 19292 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19290->19292 19291 7ff6b89e0858 WideCharToMultiByte 19291->19293 19292->19288 19293->19288 19293->19289 19293->19290 19293->19291 19294 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19293->19294 19294->19293 19296 7ff6b89e266d 19295->19296 19297 7ff6b89d9226 19295->19297 19340 7ff6b89db294 19296->19340 19301 7ff6b89e299c GetEnvironmentStringsW 19297->19301 19302 7ff6b89d922b 19301->19302 19303 7ff6b89e29cc 19301->19303 19302->19279 19302->19280 19304 
7ff6b89e0858 WideCharToMultiByte 19303->19304 19305 7ff6b89e2a1d 19304->19305 19306 7ff6b89e2a24 FreeEnvironmentStringsW 19305->19306 19307 7ff6b89dd66c _fread_nolock 12 API calls 19305->19307 19306->19302 19308 7ff6b89e2a37 19307->19308 19309 7ff6b89e2a3f 19308->19309 19310 7ff6b89e2a48 19308->19310 19311 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19309->19311 19312 7ff6b89e0858 WideCharToMultiByte 19310->19312 19313 7ff6b89e2a46 19311->19313 19314 7ff6b89e2a6b 19312->19314 19313->19306 19315 7ff6b89e2a6f 19314->19315 19316 7ff6b89e2a79 19314->19316 19317 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19315->19317 19318 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19316->19318 19319 7ff6b89e2a77 FreeEnvironmentStringsW 19317->19319 19318->19319 19319->19302 19322 7ff6b89d9311 19321->19322 19323 7ff6b89dec08 _get_daylight 11 API calls 19322->19323 19334 7ff6b89d9347 19323->19334 19324 7ff6b89d934f 19325 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19324->19325 19326 7ff6b89d9247 19325->19326 19326->19284 19327 7ff6b89d93c2 19328 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19327->19328 19328->19326 19329 7ff6b89dec08 _get_daylight 11 API calls 19329->19334 19330 7ff6b89d93b1 19498 7ff6b89d9518 19330->19498 19331 7ff6b89da514 __std_exception_copy 37 API calls 19331->19334 19334->19324 19334->19327 19334->19329 19334->19330 19334->19331 19335 7ff6b89d93e7 19334->19335 19338 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19334->19338 19337 7ff6b89da970 _isindst 17 API calls 19335->19337 19336 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19336->19324 19339 7ff6b89d93fa 19337->19339 19338->19334 19341 7ff6b89db2a5 FlsGetValue 19340->19341 19342 7ff6b89db2c0 FlsSetValue 19340->19342 19343 7ff6b89db2ba 19341->19343 19344 7ff6b89db2b2 19341->19344 19342->19344 19345 
7ff6b89db2cd 19342->19345 19343->19342 19346 7ff6b89db2b8 19344->19346 19347 7ff6b89da574 __GetCurrentState 45 API calls 19344->19347 19348 7ff6b89dec08 _get_daylight 11 API calls 19345->19348 19360 7ff6b89e2334 19346->19360 19349 7ff6b89db335 19347->19349 19350 7ff6b89db2dc 19348->19350 19351 7ff6b89db2fa FlsSetValue 19350->19351 19352 7ff6b89db2ea FlsSetValue 19350->19352 19354 7ff6b89db306 FlsSetValue 19351->19354 19355 7ff6b89db318 19351->19355 19353 7ff6b89db2f3 19352->19353 19357 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19353->19357 19354->19353 19356 7ff6b89daf64 _get_daylight 11 API calls 19355->19356 19358 7ff6b89db320 19356->19358 19357->19344 19359 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19358->19359 19359->19346 19383 7ff6b89e25a4 19360->19383 19362 7ff6b89e2369 19398 7ff6b89e2034 19362->19398 19365 7ff6b89dd66c _fread_nolock 12 API calls 19366 7ff6b89e2397 19365->19366 19367 7ff6b89e239f 19366->19367 19369 7ff6b89e23ae 19366->19369 19368 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19367->19368 19380 7ff6b89e2386 19368->19380 19369->19369 19405 7ff6b89e26dc 19369->19405 19372 7ff6b89e24aa 19373 7ff6b89d4f78 _get_daylight 11 API calls 19372->19373 19374 7ff6b89e24af 19373->19374 19376 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19374->19376 19375 7ff6b89e2505 19382 7ff6b89e256c 19375->19382 19416 7ff6b89e1e64 19375->19416 19376->19380 19377 7ff6b89e24c4 19377->19375 19381 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19377->19381 19379 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19379->19380 19380->19297 19381->19375 19382->19379 19384 7ff6b89e25c7 19383->19384 19385 7ff6b89e25d1 19384->19385 19431 7ff6b89e0348 EnterCriticalSection 19384->19431 19387 7ff6b89e2643 19385->19387 19390 7ff6b89da574 __GetCurrentState 45 API calls 19385->19390 19387->19362 19391 
7ff6b89e265b 19390->19391 19394 7ff6b89db294 50 API calls 19391->19394 19397 7ff6b89e26b2 19391->19397 19395 7ff6b89e269c 19394->19395 19396 7ff6b89e2334 65 API calls 19395->19396 19396->19397 19397->19362 19399 7ff6b89d4fbc 45 API calls 19398->19399 19400 7ff6b89e2048 19399->19400 19401 7ff6b89e2054 GetOEMCP 19400->19401 19402 7ff6b89e2066 19400->19402 19403 7ff6b89e207b 19401->19403 19402->19403 19404 7ff6b89e206b GetACP 19402->19404 19403->19365 19403->19380 19404->19403 19406 7ff6b89e2034 47 API calls 19405->19406 19407 7ff6b89e2709 19406->19407 19408 7ff6b89e285f 19407->19408 19410 7ff6b89e2746 IsValidCodePage 19407->19410 19412 7ff6b89e2760 memcpy_s 19407->19412 19409 7ff6b89cc5c0 _log10_special 8 API calls 19408->19409 19411 7ff6b89e24a1 19409->19411 19410->19408 19413 7ff6b89e2757 19410->19413 19411->19372 19411->19377 19432 7ff6b89e214c 19412->19432 19413->19412 19414 7ff6b89e2786 GetCPInfo 19413->19414 19414->19408 19414->19412 19497 7ff6b89e0348 EnterCriticalSection 19416->19497 19433 7ff6b89e2189 GetCPInfo 19432->19433 19434 7ff6b89e227f 19432->19434 19433->19434 19440 7ff6b89e219c 19433->19440 19435 7ff6b89cc5c0 _log10_special 8 API calls 19434->19435 19436 7ff6b89e231e 19435->19436 19436->19408 19437 7ff6b89e2eb0 48 API calls 19438 7ff6b89e2213 19437->19438 19443 7ff6b89e7bf4 19438->19443 19440->19437 19442 7ff6b89e7bf4 54 API calls 19442->19434 19444 7ff6b89d4fbc 45 API calls 19443->19444 19445 7ff6b89e7c19 19444->19445 19448 7ff6b89e78c0 19445->19448 19449 7ff6b89e7901 19448->19449 19450 7ff6b89df910 _fread_nolock MultiByteToWideChar 19449->19450 19453 7ff6b89e794b 19450->19453 19451 7ff6b89e7bc9 19452 7ff6b89cc5c0 _log10_special 8 API calls 19451->19452 19454 7ff6b89e2246 19452->19454 19453->19451 19455 7ff6b89dd66c _fread_nolock 12 API calls 19453->19455 19456 7ff6b89e7a81 19453->19456 19458 7ff6b89e7983 19453->19458 19454->19442 19455->19458 19456->19451 19457 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19456->19457 
19457->19451 19458->19456 19459 7ff6b89df910 _fread_nolock MultiByteToWideChar 19458->19459 19460 7ff6b89e79f6 19459->19460 19460->19456 19479 7ff6b89df154 19460->19479 19463 7ff6b89e7a92 19465 7ff6b89dd66c _fread_nolock 12 API calls 19463->19465 19467 7ff6b89e7b64 19463->19467 19469 7ff6b89e7ab0 19463->19469 19464 7ff6b89e7a41 19464->19456 19466 7ff6b89df154 __crtLCMapStringW 6 API calls 19464->19466 19465->19469 19466->19456 19467->19456 19468 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19467->19468 19468->19456 19469->19456 19470 7ff6b89df154 __crtLCMapStringW 6 API calls 19469->19470 19471 7ff6b89e7b30 19470->19471 19471->19467 19472 7ff6b89e7b50 19471->19472 19473 7ff6b89e7b66 19471->19473 19475 7ff6b89e0858 WideCharToMultiByte 19472->19475 19474 7ff6b89e0858 WideCharToMultiByte 19473->19474 19476 7ff6b89e7b5e 19474->19476 19475->19476 19476->19467 19477 7ff6b89e7b7e 19476->19477 19477->19456 19478 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19477->19478 19478->19456 19485 7ff6b89ded80 19479->19485 19482 7ff6b89df19a 19482->19456 19482->19463 19482->19464 19484 7ff6b89df203 LCMapStringW 19484->19482 19490 7ff6b89deddd 19485->19490 19492 7ff6b89dedd8 __vcrt_FlsAlloc 19485->19492 19486 7ff6b89dee0d LoadLibraryExW 19488 7ff6b89deee2 19486->19488 19489 7ff6b89dee32 GetLastError 19486->19489 19487 7ff6b89def02 GetProcAddress 19487->19490 19488->19487 19491 7ff6b89deef9 FreeLibrary 19488->19491 19489->19492 19490->19482 19494 7ff6b89df240 19490->19494 19491->19487 19492->19486 19492->19487 19492->19490 19493 7ff6b89dee6c LoadLibraryExW 19492->19493 19493->19488 19493->19492 19495 7ff6b89ded80 __crtLCMapStringW 5 API calls 19494->19495 19496 7ff6b89df26e __crtLCMapStringW 19495->19496 19496->19484 19502 7ff6b89d951d 19498->19502 19503 7ff6b89d93b9 19498->19503 19499 7ff6b89d9546 19501 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19499->19501 19500 7ff6b89da9b8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19500->19502 19501->19503 19502->19499 19502->19500 19503->19336 19505 7ff6b89e6331 19504->19505 19506 7ff6b89e6348 19504->19506 19507 7ff6b89d4f78 _get_daylight 11 API calls 19505->19507 19506->19505 19509 7ff6b89e6356 19506->19509 19508 7ff6b89e6336 19507->19508 19510 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19508->19510 19511 7ff6b89d4fbc 45 API calls 19509->19511 19512 7ff6b89e6341 19509->19512 19510->19512 19511->19512 19512->19172 19514 7ff6b89d4fbc 45 API calls 19513->19514 19515 7ff6b89e8fe1 19514->19515 19518 7ff6b89e8c38 19515->19518 19521 7ff6b89e8c86 19518->19521 19519 7ff6b89cc5c0 _log10_special 8 API calls 19520 7ff6b89e7275 19519->19520 19520->19172 19520->19198 19522 7ff6b89e8d0d 19521->19522 19524 7ff6b89e8cf8 GetCPInfo 19521->19524 19527 7ff6b89e8d11 19521->19527 19523 7ff6b89df910 _fread_nolock MultiByteToWideChar 19522->19523 19522->19527 19525 7ff6b89e8da5 19523->19525 19524->19522 19524->19527 19526 7ff6b89dd66c _fread_nolock 12 API calls 19525->19526 19525->19527 19528 7ff6b89e8ddc 19525->19528 19526->19528 19527->19519 19528->19527 19529 7ff6b89df910 _fread_nolock MultiByteToWideChar 19528->19529 19530 7ff6b89e8e4a 19529->19530 19531 7ff6b89e8f2c 19530->19531 19532 7ff6b89df910 _fread_nolock MultiByteToWideChar 19530->19532 19531->19527 19533 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19531->19533 19534 7ff6b89e8e70 19532->19534 19533->19527 19534->19531 19535 7ff6b89dd66c _fread_nolock 12 API calls 19534->19535 19536 7ff6b89e8e9d 19534->19536 19535->19536 19536->19531 19537 7ff6b89df910 _fread_nolock MultiByteToWideChar 19536->19537 19538 7ff6b89e8f14 19537->19538 19539 7ff6b89e8f34 19538->19539 19540 7ff6b89e8f1a 19538->19540 19547 7ff6b89defd8 19539->19547 19540->19531 19542 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19540->19542 19542->19531 19544 7ff6b89e8f73 19544->19527 19546 7ff6b89da9b8 
Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19544->19546 19545 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19545->19544 19546->19527 19548 7ff6b89ded80 __crtLCMapStringW 5 API calls 19547->19548 19549 7ff6b89df016 19548->19549 19550 7ff6b89df240 __crtLCMapStringW 5 API calls 19549->19550 19552 7ff6b89df01e 19549->19552 19551 7ff6b89df087 CompareStringW 19550->19551 19551->19552 19552->19544 19552->19545 19554 7ff6b89e7cb1 19553->19554 19555 7ff6b89e7cca HeapSize 19553->19555 19556 7ff6b89d4f78 _get_daylight 11 API calls 19554->19556 19557 7ff6b89e7cb6 19556->19557 19558 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 19557->19558 19559 7ff6b89e7cc1 19558->19559 19559->19203 19561 7ff6b89e7d03 19560->19561 19562 7ff6b89e7cf9 19560->19562 19564 7ff6b89e7d08 19561->19564 19570 7ff6b89e7d0f _get_daylight 19561->19570 19563 7ff6b89dd66c _fread_nolock 12 API calls 19562->19563 19568 7ff6b89e7d01 19563->19568 19565 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19564->19565 19565->19568 19566 7ff6b89e7d42 HeapReAlloc 19566->19568 19566->19570 19567 7ff6b89e7d15 19569 7ff6b89d4f78 _get_daylight 11 API calls 19567->19569 19568->19207 19569->19568 19570->19566 19570->19567 19571 7ff6b89e3600 _get_daylight 2 API calls 19570->19571 19571->19570 19573 7ff6b89ded80 __crtLCMapStringW 5 API calls 19572->19573 19574 7ff6b89defb4 19573->19574 19574->19212 19576 7ff6b89d556a 19575->19576 19577 7ff6b89d5546 19575->19577 19578 7ff6b89d55c4 19576->19578 19579 7ff6b89d556f 19576->19579 19581 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19577->19581 19584 7ff6b89d5555 19577->19584 19580 7ff6b89df910 _fread_nolock MultiByteToWideChar 19578->19580 19582 7ff6b89d5584 19579->19582 19579->19584 19585 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19579->19585 19591 7ff6b89d55e0 19580->19591 19581->19584 19586 7ff6b89dd66c _fread_nolock 12 API calls 
19582->19586 19583 7ff6b89d55e7 GetLastError 19587 7ff6b89d4eec _fread_nolock 11 API calls 19583->19587 19584->19215 19584->19216 19585->19582 19586->19584 19590 7ff6b89d55f4 19587->19590 19588 7ff6b89d5622 19588->19584 19589 7ff6b89df910 _fread_nolock MultiByteToWideChar 19588->19589 19593 7ff6b89d5666 19589->19593 19594 7ff6b89d4f78 _get_daylight 11 API calls 19590->19594 19591->19583 19591->19588 19592 7ff6b89d5615 19591->19592 19595 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19591->19595 19596 7ff6b89dd66c _fread_nolock 12 API calls 19592->19596 19593->19583 19593->19584 19594->19584 19595->19592 19596->19588 19598 7ff6b89d9295 19597->19598 19609 7ff6b89d9291 19597->19609 19618 7ff6b89e2aac GetEnvironmentStringsW 19598->19618 19601 7ff6b89d92a2 19604 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19601->19604 19602 7ff6b89d92ae 19625 7ff6b89d93fc 19602->19625 19604->19609 19606 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19607 7ff6b89d92d5 19606->19607 19608 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19607->19608 19608->19609 19609->19246 19610 7ff6b89d963c 19609->19610 19611 7ff6b89d965f 19610->19611 19617 7ff6b89d9676 19610->19617 19611->19246 19612 7ff6b89dec08 _get_daylight 11 API calls 19612->19617 19613 7ff6b89d96ea 19615 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19613->19615 19614 7ff6b89df910 MultiByteToWideChar _fread_nolock 19614->19617 19615->19611 19616 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19616->19617 19617->19611 19617->19612 19617->19613 19617->19614 19617->19616 19619 7ff6b89d929a 19618->19619 19620 7ff6b89e2ad0 19618->19620 19619->19601 19619->19602 19621 7ff6b89dd66c _fread_nolock 12 API calls 19620->19621 19622 7ff6b89e2b07 memcpy_s 19621->19622 19623 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19622->19623 19624 
7ff6b89e2b27 FreeEnvironmentStringsW 19623->19624 19624->19619 19626 7ff6b89d9424 19625->19626 19627 7ff6b89dec08 _get_daylight 11 API calls 19626->19627 19636 7ff6b89d945f 19627->19636 19628 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19629 7ff6b89d92b6 19628->19629 19629->19606 19630 7ff6b89d94e1 19631 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19630->19631 19631->19629 19632 7ff6b89dec08 _get_daylight 11 API calls 19632->19636 19633 7ff6b89d94d0 19635 7ff6b89d9518 11 API calls 19633->19635 19634 7ff6b89e04e4 37 API calls 19634->19636 19637 7ff6b89d94d8 19635->19637 19636->19630 19636->19632 19636->19633 19636->19634 19638 7ff6b89d9504 19636->19638 19641 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19636->19641 19642 7ff6b89d9467 19636->19642 19639 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 19637->19639 19640 7ff6b89da970 _isindst 17 API calls 19638->19640 19639->19642 19643 7ff6b89d9516 19640->19643 19641->19636 19642->19628 19645 7ff6b89e8ba1 __crtLCMapStringW 19644->19645 19646 7ff6b89e715e 19645->19646 19647 7ff6b89defd8 6 API calls 19645->19647 19646->19270 19646->19271 19647->19646 20641 7ff6b89eac53 20642 7ff6b89eac63 20641->20642 20645 7ff6b89d54e8 LeaveCriticalSection 20642->20645 16037 7ff6b89cbb50 16038 7ff6b89cbb7e 16037->16038 16039 7ff6b89cbb65 16037->16039 16039->16038 16042 7ff6b89dd66c 16039->16042 16043 7ff6b89dd6b7 16042->16043 16047 7ff6b89dd67b _get_daylight 16042->16047 16052 7ff6b89d4f78 16043->16052 16045 7ff6b89dd69e HeapAlloc 16046 7ff6b89cbbde 16045->16046 16045->16047 16047->16043 16047->16045 16049 7ff6b89e3600 16047->16049 16055 7ff6b89e3640 16049->16055 16061 7ff6b89db338 GetLastError 16052->16061 16054 7ff6b89d4f81 16054->16046 16060 7ff6b89e0348 EnterCriticalSection 16055->16060 16062 7ff6b89db379 FlsSetValue 16061->16062 16066 7ff6b89db35c 16061->16066 16063 7ff6b89db38b 16062->16063 16067 7ff6b89db369 
7ff6b89d04a2 17169->17170 17171 7ff6b89d0465 memcpy_s 17169->17171 17180 7ff6b89d54dc EnterCriticalSection 17170->17180 17173 7ff6b89d4f78 _get_daylight 11 API calls 17171->17173 17175 7ff6b89d047a 17173->17175 17177 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 17175->17177 17177->17168 17184 7ff6b89d4a4e 17181->17184 17182 7ff6b89d4a73 17185 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17182->17185 17183 7ff6b89d4aaf 17220 7ff6b89d2c80 17183->17220 17184->17182 17184->17183 17187 7ff6b89d4a9d 17185->17187 17189 7ff6b89cc5c0 _log10_special 8 API calls 17187->17189 17188 7ff6b89d4b58 17194 7ff6b89d4b8c 17188->17194 17197 7ff6b89d4b61 17188->17197 17192 7ff6b89c29c3 17189->17192 17190 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17190->17187 17199 7ff6b89d51d0 17192->17199 17193 7ff6b89d4bb0 17193->17194 17195 7ff6b89d4bba 17193->17195 17194->17190 17198 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17195->17198 17196 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17196->17187 17197->17196 17198->17187 17200 7ff6b89db338 _get_daylight 11 API calls 17199->17200 17201 7ff6b89d51e7 17200->17201 17202 7ff6b89c29e5 17201->17202 17203 7ff6b89dec08 _get_daylight 11 API calls 17201->17203 17206 7ff6b89d5227 17201->17206 17202->17143 17204 7ff6b89d521c 17203->17204 17205 7ff6b89da9b8 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 17204->17205 17205->17206 17206->17202 17358 7ff6b89dec90 17206->17358 17209 7ff6b89da970 _isindst 17 API calls 17210 7ff6b89d526c 17209->17210 17212 7ff6b89c262f 17211->17212 17213 7ff6b89c9400 2 API calls 17212->17213 17214 7ff6b89c2660 17213->17214 17215 7ff6b89c266f MessageBoxW 17214->17215 17216 7ff6b89c2683 MessageBoxA 17214->17216 17217 7ff6b89c2690 17215->17217 17216->17217 17218 7ff6b89cc5c0 _log10_special 8 API calls 17217->17218 17219 7ff6b89c26a0 17218->17219 17219->17147 17221 7ff6b89d2cbe 17220->17221 17222 7ff6b89d2cae 
17220->17222 17223 7ff6b89d2cf5 17221->17223 17224 7ff6b89d2cc7 17221->17224 17227 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17222->17227 17223->17222 17226 7ff6b89d2ced 17223->17226 17228 7ff6b89d4830 45 API calls 17223->17228 17230 7ff6b89d2fa4 17223->17230 17234 7ff6b89d3610 17223->17234 17260 7ff6b89d32d8 17223->17260 17290 7ff6b89d2b60 17223->17290 17225 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17224->17225 17225->17226 17226->17188 17226->17193 17226->17194 17226->17197 17227->17226 17228->17223 17232 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17230->17232 17232->17222 17235 7ff6b89d3652 17234->17235 17236 7ff6b89d36c5 17234->17236 17237 7ff6b89d36ef 17235->17237 17238 7ff6b89d3658 17235->17238 17239 7ff6b89d371f 17236->17239 17240 7ff6b89d36ca 17236->17240 17307 7ff6b89d1bc0 17237->17307 17245 7ff6b89d365d 17238->17245 17251 7ff6b89d372e 17238->17251 17239->17237 17239->17251 17258 7ff6b89d3688 17239->17258 17241 7ff6b89d36ff 17240->17241 17242 7ff6b89d36cc 17240->17242 17314 7ff6b89d17b0 17241->17314 17244 7ff6b89d366d 17242->17244 17250 7ff6b89d36db 17242->17250 17259 7ff6b89d375d 17244->17259 17293 7ff6b89d3f74 17244->17293 17245->17244 17248 7ff6b89d36a0 17245->17248 17245->17258 17248->17259 17303 7ff6b89d4430 17248->17303 17250->17237 17253 7ff6b89d36e0 17250->17253 17251->17259 17321 7ff6b89d1fd0 17251->17321 17255 7ff6b89d45c8 37 API calls 17253->17255 17253->17259 17254 7ff6b89cc5c0 _log10_special 8 API calls 17256 7ff6b89d39f3 17254->17256 17255->17258 17256->17223 17258->17259 17328 7ff6b89de8c8 17258->17328 17259->17254 17261 7ff6b89d32e3 17260->17261 17262 7ff6b89d32f9 17260->17262 17263 7ff6b89d3652 17261->17263 17264 7ff6b89d36c5 17261->17264 17266 7ff6b89d3337 17261->17266 17265 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17262->17265 17262->17266 17267 7ff6b89d36ef 17263->17267 17269 7ff6b89d3658 17263->17269 17268 7ff6b89d36ca 17264->17268 17272 7ff6b89d371f 17264->17272 17265->17266 17266->17223 17273 
7ff6b89d1bc0 38 API calls 17267->17273 17270 7ff6b89d36ff 17268->17270 17271 7ff6b89d36cc 17268->17271 17277 7ff6b89d365d 17269->17277 17279 7ff6b89d372e 17269->17279 17275 7ff6b89d17b0 38 API calls 17270->17275 17274 7ff6b89d366d 17271->17274 17281 7ff6b89d36db 17271->17281 17272->17267 17272->17279 17288 7ff6b89d3688 17272->17288 17273->17288 17276 7ff6b89d3f74 47 API calls 17274->17276 17289 7ff6b89d375d 17274->17289 17275->17288 17276->17288 17277->17274 17278 7ff6b89d36a0 17277->17278 17277->17288 17282 7ff6b89d4430 47 API calls 17278->17282 17278->17289 17280 7ff6b89d1fd0 38 API calls 17279->17280 17279->17289 17280->17288 17281->17267 17283 7ff6b89d36e0 17281->17283 17282->17288 17285 7ff6b89d45c8 37 API calls 17283->17285 17283->17289 17284 7ff6b89cc5c0 _log10_special 8 API calls 17286 7ff6b89d39f3 17284->17286 17285->17288 17286->17223 17287 7ff6b89de8c8 47 API calls 17287->17288 17288->17287 17288->17289 17289->17284 17341 7ff6b89d0d84 17290->17341 17294 7ff6b89d3f96 17293->17294 17295 7ff6b89d0bf0 12 API calls 17294->17295 17296 7ff6b89d3fde 17295->17296 17297 7ff6b89de5e0 46 API calls 17296->17297 17298 7ff6b89d40b1 17297->17298 17299 7ff6b89d4830 45 API calls 17298->17299 17300 7ff6b89d40d3 17298->17300 17299->17300 17301 7ff6b89d4830 45 API calls 17300->17301 17302 7ff6b89d415c 17300->17302 17301->17302 17302->17258 17304 7ff6b89d4448 17303->17304 17306 7ff6b89d44b0 17303->17306 17305 7ff6b89de8c8 47 API calls 17304->17305 17304->17306 17305->17306 17306->17258 17309 7ff6b89d1bf3 17307->17309 17308 7ff6b89d1c22 17310 7ff6b89d0bf0 12 API calls 17308->17310 17313 7ff6b89d1c5f 17308->17313 17309->17308 17311 7ff6b89d1cdf 17309->17311 17310->17313 17312 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17311->17312 17312->17313 17313->17258 17315 7ff6b89d17e3 17314->17315 17316 7ff6b89d1812 17315->17316 17318 7ff6b89d18cf 17315->17318 17317 7ff6b89d0bf0 12 API calls 17316->17317 17320 7ff6b89d184f 17316->17320 17317->17320 17319 7ff6b89da884 
_invalid_parameter_noinfo 37 API calls 17318->17319 17319->17320 17320->17258 17322 7ff6b89d2003 17321->17322 17323 7ff6b89d2032 17322->17323 17325 7ff6b89d20ef 17322->17325 17324 7ff6b89d0bf0 12 API calls 17323->17324 17327 7ff6b89d206f 17323->17327 17324->17327 17326 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17325->17326 17326->17327 17327->17258 17331 7ff6b89de8f0 17328->17331 17329 7ff6b89de91e memcpy_s 17333 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17329->17333 17334 7ff6b89de8f5 memcpy_s 17329->17334 17330 7ff6b89de935 17330->17329 17330->17334 17338 7ff6b89e0858 17330->17338 17331->17329 17331->17330 17332 7ff6b89d4830 45 API calls 17331->17332 17331->17334 17332->17330 17333->17334 17334->17258 17340 7ff6b89e087c WideCharToMultiByte 17338->17340 17342 7ff6b89d0dc3 17341->17342 17343 7ff6b89d0db1 17341->17343 17345 7ff6b89d0dd0 17342->17345 17349 7ff6b89d0e0d 17342->17349 17344 7ff6b89d4f78 _get_daylight 11 API calls 17343->17344 17346 7ff6b89d0db6 17344->17346 17347 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 17345->17347 17348 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 17346->17348 17355 7ff6b89d0dc1 17347->17355 17348->17355 17350 7ff6b89d0eb6 17349->17350 17351 7ff6b89d4f78 _get_daylight 11 API calls 17349->17351 17352 7ff6b89d4f78 _get_daylight 11 API calls 17350->17352 17350->17355 17353 7ff6b89d0eab 17351->17353 17354 7ff6b89d0f60 17352->17354 17356 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 17353->17356 17357 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 17354->17357 17355->17223 17356->17350 17357->17355 17363 7ff6b89decad 17358->17363 17359 7ff6b89decb2 17360 7ff6b89d524d 17359->17360 17361 7ff6b89d4f78 _get_daylight 11 API calls 17359->17361 17360->17202 17360->17209 17362 7ff6b89decbc 17361->17362 17364 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 17362->17364 17363->17359 17363->17360 17365 7ff6b89decfc 17363->17365 17364->17360 17365->17360 17366 7ff6b89d4f78 _get_daylight 11 API calls 
17365->17366 17366->17362 17368 7ff6b89c8823 __vcrt_freefls 17367->17368 17369 7ff6b89c87a1 GetTokenInformation 17367->17369 17372 7ff6b89c883c 17368->17372 17373 7ff6b89c8836 CloseHandle 17368->17373 17370 7ff6b89c87c2 GetLastError 17369->17370 17371 7ff6b89c87cd 17369->17371 17370->17368 17370->17371 17371->17368 17374 7ff6b89c87e9 GetTokenInformation 17371->17374 17372->16417 17373->17372 17374->17368 17375 7ff6b89c880c 17374->17375 17375->17368 17376 7ff6b89c8816 ConvertSidToStringSidW 17375->17376 17376->17368 17378 7ff6b89cc8c0 17377->17378 17379 7ff6b89c2b74 GetCurrentProcessId 17378->17379 17380 7ff6b89c26b0 48 API calls 17379->17380 17381 7ff6b89c2bc7 17380->17381 17382 7ff6b89d4c48 48 API calls 17381->17382 17383 7ff6b89c2c10 MessageBoxW 17382->17383 17384 7ff6b89cc5c0 _log10_special 8 API calls 17383->17384 17385 7ff6b89c2c40 17384->17385 17385->16427 17387 7ff6b89c25e5 17386->17387 17388 7ff6b89d4c48 48 API calls 17387->17388 17389 7ff6b89c2604 17388->17389 17389->16436 17435 7ff6b89d8804 17390->17435 17394 7ff6b89c81cc 17393->17394 17395 7ff6b89c9400 2 API calls 17394->17395 17396 7ff6b89c81eb 17395->17396 17397 7ff6b89c81f3 17396->17397 17398 7ff6b89c8206 ExpandEnvironmentStringsW 17396->17398 17399 7ff6b89c2810 49 API calls 17397->17399 17400 7ff6b89c822c __vcrt_freefls 17398->17400 17424 7ff6b89c81ff __vcrt_freefls 17399->17424 17401 7ff6b89c8243 17400->17401 17402 7ff6b89c8230 17400->17402 17406 7ff6b89c82af 17401->17406 17407 7ff6b89c8251 GetDriveTypeW 17401->17407 17403 7ff6b89c2810 49 API calls 17402->17403 17403->17424 17404 7ff6b89cc5c0 _log10_special 8 API calls 17424->17404 17476 7ff6b89e15c8 17435->17476 17535 7ff6b89e1340 17476->17535 17556 7ff6b89e0348 EnterCriticalSection 17535->17556 17683 7ff6b89c455a 17682->17683 17684 7ff6b89c9400 2 API calls 17683->17684 17685 7ff6b89c457f 17684->17685 17686 7ff6b89cc5c0 _log10_special 8 API calls 17685->17686 17687 7ff6b89c45a7 17686->17687 17687->16480 17689 7ff6b89c7e1e 17688->17689 17690 
7ff6b89c1c80 49 API calls 17689->17690 17693 7ff6b89c7f42 17689->17693 17696 7ff6b89c7ea5 17690->17696 17691 7ff6b89cc5c0 _log10_special 8 API calls 17692 7ff6b89c7f73 17691->17692 17692->16480 17693->17691 17694 7ff6b89c1c80 49 API calls 17694->17696 17695 7ff6b89c4550 10 API calls 17695->17696 17696->17693 17696->17694 17696->17695 17697 7ff6b89c9400 2 API calls 17696->17697 17698 7ff6b89c7f13 CreateDirectoryW 17697->17698 17698->17693 17698->17696 17700 7ff6b89c1613 17699->17700 17701 7ff6b89c1637 17699->17701 17820 7ff6b89c1050 17700->17820 17703 7ff6b89c45b0 108 API calls 17701->17703 17705 7ff6b89c164b 17703->17705 17704 7ff6b89c1618 17706 7ff6b89c162e 17704->17706 17711 7ff6b89c2710 54 API calls 17704->17711 17707 7ff6b89c1653 17705->17707 17708 7ff6b89c1682 17705->17708 17706->16480 17709 7ff6b89d4f78 _get_daylight 11 API calls 17707->17709 17710 7ff6b89c45b0 108 API calls 17708->17710 17712 7ff6b89c1658 17709->17712 17713 7ff6b89c1696 17710->17713 17711->17706 17714 7ff6b89c2910 54 API calls 17712->17714 17715 7ff6b89c169e 17713->17715 17716 7ff6b89c16b8 17713->17716 17717 7ff6b89c1671 17714->17717 17718 7ff6b89c2710 54 API calls 17715->17718 17719 7ff6b89d0744 73 API calls 17716->17719 17717->16480 17720 7ff6b89c16ae 17718->17720 17721 7ff6b89c16cd 17719->17721 17726 7ff6b89d00bc 74 API calls 17720->17726 17722 7ff6b89c16d1 17721->17722 17723 7ff6b89c16f9 17721->17723 17748 7ff6b89c7134 17747->17748 17749 7ff6b89c717b 17747->17749 17748->17749 17884 7ff6b89d5094 17748->17884 17749->16480 17752 7ff6b89c4191 17751->17752 17753 7ff6b89c44d0 49 API calls 17752->17753 17754 7ff6b89c41cb 17753->17754 17755 7ff6b89c44d0 49 API calls 17754->17755 17756 7ff6b89c41db 17755->17756 17757 7ff6b89c41fd 17756->17757 17758 7ff6b89c422c 17756->17758 17915 7ff6b89c4100 17757->17915 17760 7ff6b89c4100 51 API calls 17758->17760 17761 7ff6b89c422a 17760->17761 17762 7ff6b89c4257 17761->17762 17763 7ff6b89c428c 17761->17763 17922 7ff6b89c7ce0 17762->17922 17765 7ff6b89c4100 51 
API calls 17763->17765 17767 7ff6b89c42b0 17765->17767 17796 7ff6b89c1c80 49 API calls 17795->17796 17797 7ff6b89c4464 17796->17797 17797->16480 17821 7ff6b89c45b0 108 API calls 17820->17821 17822 7ff6b89c108c 17821->17822 17823 7ff6b89c1094 17822->17823 17824 7ff6b89c10a9 17822->17824 17825 7ff6b89c2710 54 API calls 17823->17825 17826 7ff6b89d0744 73 API calls 17824->17826 17831 7ff6b89c10a4 __vcrt_freefls 17825->17831 17827 7ff6b89c10bf 17826->17827 17828 7ff6b89c10c3 17827->17828 17829 7ff6b89c10e6 17827->17829 17830 7ff6b89d4f78 _get_daylight 11 API calls 17828->17830 17834 7ff6b89c1122 17829->17834 17835 7ff6b89c10f7 17829->17835 17832 7ff6b89c10c8 17830->17832 17831->17704 17833 7ff6b89c2910 54 API calls 17832->17833 17837 7ff6b89c1129 17834->17837 17845 7ff6b89c113c 17834->17845 17836 7ff6b89d4f78 _get_daylight 11 API calls 17835->17836 17838 7ff6b89c1100 17836->17838 17885 7ff6b89d50ce 17884->17885 17886 7ff6b89d50a1 17884->17886 17887 7ff6b89d50f1 17885->17887 17891 7ff6b89d510d 17885->17891 17888 7ff6b89d4f78 _get_daylight 11 API calls 17886->17888 17896 7ff6b89d5058 17886->17896 17890 7ff6b89d4f78 _get_daylight 11 API calls 17887->17890 17889 7ff6b89d50ab 17888->17889 17892 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 17889->17892 17893 7ff6b89d50f6 17890->17893 17899 7ff6b89d4fbc 17891->17899 17895 7ff6b89d50b6 17892->17895 17897 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 17893->17897 17895->17748 17896->17748 17898 7ff6b89d5101 17897->17898 17898->17748 17900 7ff6b89d4fe0 17899->17900 17901 7ff6b89d4fdb 17899->17901 17900->17901 17902 7ff6b89db1c0 __GetCurrentState 45 API calls 17900->17902 17901->17898 17903 7ff6b89d4ffb 17902->17903 17907 7ff6b89dd9f4 17903->17907 17908 7ff6b89d501e 17907->17908 17909 7ff6b89dda09 17907->17909 17909->17908 17916 7ff6b89c4126 17915->17916 17917 7ff6b89d49f4 49 API calls 17916->17917 17918 7ff6b89c414c 17917->17918 17923 7ff6b89c7cf5 17922->17923 17979 7ff6b89d5f38 17978->17979 17980 7ff6b89d5f5e 
17979->17980 17982 7ff6b89d5f91 17979->17982 17981 7ff6b89d4f78 _get_daylight 11 API calls 17980->17981 17983 7ff6b89d5f63 17981->17983 17984 7ff6b89d5fa4 17982->17984 17985 7ff6b89d5f97 17982->17985 17986 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 17983->17986 17997 7ff6b89dac98 17984->17997 17987 7ff6b89d4f78 _get_daylight 11 API calls 17985->17987 17996 7ff6b89c4606 17986->17996 17987->17996 17996->16505 18010 7ff6b89e0348 EnterCriticalSection 17997->18010 18370 7ff6b89d7968 18369->18370 18373 7ff6b89d7444 18370->18373 18372 7ff6b89d7981 18372->16515 18374 7ff6b89d748e 18373->18374 18375 7ff6b89d745f 18373->18375 18383 7ff6b89d54dc EnterCriticalSection 18374->18383 18376 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 18375->18376 18380 7ff6b89d747f 18376->18380 18380->18372 18385 7ff6b89cfeb3 18384->18385 18386 7ff6b89cfee1 18384->18386 18387 7ff6b89da884 _invalid_parameter_noinfo 37 API calls 18385->18387 18388 7ff6b89cfed3 18386->18388 18394 7ff6b89d54dc EnterCriticalSection 18386->18394 18387->18388 18388->16519 18396 7ff6b89ccb62 RtlLookupFunctionEntry 18395->18396 18397 7ff6b89cc97b 18396->18397 18398 7ff6b89ccb78 RtlVirtualUnwind 18396->18398 18399 7ff6b89cc910 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 18397->18399 18398->18396 18398->18397 18401 7ff6b89c45b0 108 API calls 18400->18401 18402 7ff6b89c1493 18401->18402 18403 7ff6b89c14bc 18402->18403 18404 7ff6b89c149b 18402->18404 18406 7ff6b89d0744 73 API calls 18403->18406 18405 7ff6b89c2710 54 API calls 18404->18405 18407 7ff6b89c14ab 18405->18407 18408 7ff6b89c14d1 18406->18408 18407->16561 18409 7ff6b89c14d5 18408->18409 18410 7ff6b89c14f8 18408->18410 18411 7ff6b89d4f78 _get_daylight 11 API calls 18409->18411 18413 7ff6b89c1532 18410->18413 18414 7ff6b89c1508 18410->18414 18507 7ff6b89c6365 18506->18507 18508 7ff6b89c1c80 49 API calls 18507->18508 18509 7ff6b89c63a1 18508->18509 18510 7ff6b89c63cd 18509->18510 18511 7ff6b89c63aa 18509->18511 
18512 7ff6b89c4620 49 API calls 18510->18512 18513 7ff6b89c2710 54 API calls 18511->18513 18514 7ff6b89c63e5 18512->18514 18530 7ff6b89c63c3 18513->18530 18515 7ff6b89c6403 18514->18515 18516 7ff6b89c2710 54 API calls 18514->18516 18517 7ff6b89c4550 10 API calls 18515->18517 18516->18515 18519 7ff6b89c640d 18517->18519 18518 7ff6b89cc5c0 _log10_special 8 API calls 18520 7ff6b89c336e 18518->18520 18521 7ff6b89c641b 18519->18521 18522 7ff6b89c9070 3 API calls 18519->18522 18520->16630 18537 7ff6b89c64f0 18520->18537 18523 7ff6b89c4620 49 API calls 18521->18523 18522->18521 18530->18518 18686 7ff6b89c53f0 18537->18686 18796 7ff6b89db1c0 __GetCurrentState 45 API calls 18795->18796 18797 7ff6b89da451 18796->18797 18800 7ff6b89da574 18797->18800 18809 7ff6b89e36c0 18800->18809 18835 7ff6b89e3678 18809->18835 18840 7ff6b89e0348 EnterCriticalSection 18835->18840 20742 7ff6b89d5480 20743 7ff6b89d548b 20742->20743 20751 7ff6b89df314 20743->20751 20764 7ff6b89e0348 EnterCriticalSection 20751->20764 18844 7ff6b89df9fc 18845 7ff6b89dfbee 18844->18845 18847 7ff6b89dfa3e _isindst 18844->18847 18846 7ff6b89d4f78 _get_daylight 11 API calls 18845->18846 18864 7ff6b89dfbde 18846->18864 18847->18845 18850 7ff6b89dfabe _isindst 18847->18850 18848 7ff6b89cc5c0 _log10_special 8 API calls 18849 7ff6b89dfc09 18848->18849 18865 7ff6b89e6204 18850->18865 18855 7ff6b89dfc1a 18857 7ff6b89da970 _isindst 17 API calls 18855->18857 18858 7ff6b89dfc2e 18857->18858 18862 7ff6b89dfb1b 18862->18864 18889 7ff6b89e6248 18862->18889 18864->18848 18866 7ff6b89e6213 18865->18866 18867 7ff6b89dfadc 18865->18867 18896 7ff6b89e0348 EnterCriticalSection 18866->18896 18871 7ff6b89e5608 18867->18871 18872 7ff6b89e5611 18871->18872 18873 7ff6b89dfaf1 18871->18873 18874 7ff6b89d4f78 _get_daylight 11 API calls 18872->18874 18873->18855 18877 7ff6b89e5638 18873->18877 18875 7ff6b89e5616 18874->18875 18876 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 18875->18876 18876->18873 18878 7ff6b89e5641 18877->18878 
18882 7ff6b89dfb02 18877->18882 18879 7ff6b89d4f78 _get_daylight 11 API calls 18878->18879 18880 7ff6b89e5646 18879->18880 18881 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 18880->18881 18881->18882 18882->18855 18883 7ff6b89e5668 18882->18883 18884 7ff6b89e5671 18883->18884 18885 7ff6b89dfb13 18883->18885 18886 7ff6b89d4f78 _get_daylight 11 API calls 18884->18886 18885->18855 18885->18862 18887 7ff6b89e5676 18886->18887 18888 7ff6b89da950 _invalid_parameter_noinfo 37 API calls 18887->18888 18888->18885 18897 7ff6b89e0348 EnterCriticalSection 18889->18897 20070 7ff6b89dc590 20081 7ff6b89e0348 EnterCriticalSection 20070->20081

Control-flow Graph
Memory Dump Source
• Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
Similarity
• API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
• String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
• API String ID: 3832162212-3165540532
• Opcode ID: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction ID: 8cf44358c4d1cc1e2b6fd0e77542f5fed6cca4bf450b1392ff2337dfc58b6184
• Opcode Fuzzy Hash: f1b4a1f9842ac9cce6b2798ee34386867a7882a0850fd65476f94626d3f01840
• Instruction Fuzzy Hash: 2CD16432A18A43D6EF10AF7CE8542A93764FB84B5AF400135DB5DA3A96DF3CD14AC748

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                              • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                              • API String ID: 2776309574-4232158417
                                                                                                                                                                                                              • Opcode ID: 34ebbec891a92e8f0d6526a13ba458de2b6270beb44e1e7b04e7cc53b3f01dc2
                                                                                                                                                                                                              • Instruction ID: 3b5664e8991f8398a28a3053a139b95b45c06e1eb67bea6b7f1f6df451b5757c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34ebbec891a92e8f0d6526a13ba458de2b6270beb44e1e7b04e7cc53b3f01dc2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8632AE21A1C68391FE15BB3DD4543B92A61AF44786F844032DB5DC32D3EF2EE55ADB08

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6B89E5CB5
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89E5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B89E561C
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89DA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6B89E2D92,?,?,?,00007FF6B89E2DCF,?,?,00000000,00007FF6B89E3295,?,?,?,00007FF6B89E31C7), ref: 00007FF6B89DA9CE
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89DA9B8: GetLastError.KERNEL32(?,?,?,00007FF6B89E2D92,?,?,?,00007FF6B89E2DCF,?,?,00000000,00007FF6B89E3295,?,?,?,00007FF6B89E31C7), ref: 00007FF6B89DA9D8
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89DA970: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF6B89DA94F,?,?,?,?,?,00007FF6B89DA83A), ref: 00007FF6B89DA979
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89DA970: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF6B89DA94F,?,?,?,?,?,00007FF6B89DA83A), ref: 00007FF6B89DA99E
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6B89E5CA4
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89E5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B89E567C
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6B89E5F1A
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6B89E5F2B
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6B89E5F3C
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6B89E617C), ref: 00007FF6B89E5F63
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                              • API String ID: 4070488512-239921721
                                                                                                                                                                                                              • Opcode ID: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                              • Instruction ID: 9c632687e775b963ca13edd6290e01e2feb718a6972b032240c4babfc9cd8bb1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76424cc0ec02945f4fd2ccc640ea60475aa997d4131cc6c9dd67359800dfdabb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 35D1CF22A2824386EF24BF3ED8511B96B91FF54786F448135EB4DC769BDE3CE4468348

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1617910340-0
                                                                                                                                                                                                              • Opcode ID: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                              • Instruction ID: d08b37e974f67c1b9c1f2b9c34806b5c3088f19ad6fbca1a7c1a286b2174d0f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4205a6958293653b93a25a06bf68436f7b6b11ca03fe036e6858b65a4e3d069e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDC1B036B28A4285EF11EF7DC4902AC3B61F749BAAB015235DB2E97796CF38D056C304

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6B89E5F1A
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89E5668: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B89E567C
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6B89E5F2B
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89E5608: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B89E561C
                                                                                                                                                                                                              • _get_daylight.LIBCMT ref: 00007FF6B89E5F3C
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89E5638: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B89E564C
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89DA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6B89E2D92,?,?,?,00007FF6B89E2DCF,?,?,00000000,00007FF6B89E3295,?,?,?,00007FF6B89E31C7), ref: 00007FF6B89DA9CE
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89DA9B8: GetLastError.KERNEL32(?,?,?,00007FF6B89E2D92,?,?,?,00007FF6B89E2DCF,?,?,00000000,00007FF6B89E3295,?,?,?,00007FF6B89E31C7), ref: 00007FF6B89DA9D8
                                                                                                                                                                                                              • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF6B89E617C), ref: 00007FF6B89E5F63
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                                              • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                                              • API String ID: 3458911817-239921721
                                                                                                                                                                                                              • Opcode ID: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                              • Instruction ID: cfeacc2b426982d31dec4e8e31d6dbc529a3b95529be5977638d30f24e616451
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8084827ab6892e9bf44fc7ae7df730cc4e836e683a41a1d7f4ca7a201d78ec16
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C518232A2864386EB20FF3ED8815A96B61BB58786F444135EB4DC7697DF3CE4068748
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2295610775-0
                                                                                                                                                                                                              • Opcode ID: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                              • Instruction ID: 59e5ddf8ccef7d3d1c80e1f9f283e9121be6db81e24f4092fd1c0d53042ce33f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8f1f0d53470ef13f354418d29ecb311e48373b0acb6529cbcbe83ca601eafdf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45F04422A1864386FB609B7CB44976A6750BB8876AF040235DB6D476D6DF3CD04A8B04
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1010374628-0
                                                                                                                                                                                                              • Opcode ID: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                              • Instruction ID: 5ad2284f6afcb8bc1fbb1a1b87f7009eda3c477166c33740ad421144f801c02d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 10bf4b1f0472125ada9b1d6b923a92a2d49e498fcbab652d34985a7b27debbff
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 38028B21A2AA4340FE66BB3D94502792A90BF45B93F454A34DF9DC77D3DE3CA4578308

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C7F80: _fread_nolock.LIBCMT ref: 00007FF6B89C802A
                                                                                                                                                                                                              • _fread_nolock.LIBCMT ref: 00007FF6B89C1A1B
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6B89C1B6A), ref: 00007FF6B89C295E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                              • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                              • API String ID: 2397952137-3497178890
                                                                                                                                                                                                              • Opcode ID: 6131f22979fb602daa1a58a3720f236f34d84e0b4625cf851c0130f8f3cebb41
                                                                                                                                                                                                              • Instruction ID: 325a1f98b7548f93e4caf0324f1ac2d714d72f30d6de4be9a4d339fa2ee995f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6131f22979fb602daa1a58a3720f236f34d84e0b4625cf851c0130f8f3cebb41
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17815B71A1868786EF60EB3CD4412B927A0AF48786F444431EB8DC779BDE2DE5478B4C

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                                              • API String ID: 2050909247-1550345328
                                                                                                                                                                                                              • Opcode ID: c74b183492ef537dc1c41b7527725f75c115d49e855bc25f8c1e55d00cf8c8f1
                                                                                                                                                                                                              • Instruction ID: f171854770140d8f03be5aa5014126318aca1048205505fdb4c82762bc567acb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c74b183492ef537dc1c41b7527725f75c115d49e855bc25f8c1e55d00cf8c8f1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 45519921B0864792EE10BB7DA5401A963A0BF44B96F844531EF4C877A3DF3DE55A8B0C

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetTempPathW.KERNEL32(?,?,00000000,00007FF6B89C3CBB), ref: 00007FF6B89C88F4
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00007FF6B89C3CBB), ref: 00007FF6B89C88FA
                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(?,00000000,00007FF6B89C3CBB), ref: 00007FF6B89C893C
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8A20: GetEnvironmentVariableW.KERNEL32(00007FF6B89C388E), ref: 00007FF6B89C8A57
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8A20: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF6B89C8A79
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89D82A8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B89D82C1
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2810: MessageBoxW.USER32 ref: 00007FF6B89C28EA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                                              • API String ID: 3563477958-1339014028
                                                                                                                                                                                                              • Opcode ID: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                              • Instruction ID: 39070cd5de4cd342ed5ac73935223d9e55e86ee6cc4b3eb64f28571041b2891a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4e349524156a31c65ddba45994ef87c37bf84ce1b0e485ec316371ea64373d4f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 99419F11A1964395FE50BB7EA8552BA1290AF89BC2F800031EF0DE7797DE3DE5078B08

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                              • API String ID: 2050909247-2813020118
                                                                                                                                                                                                              • Opcode ID: 4135646233a09d1bafe58e36eb504b74d27aad0b28d423605d6bf35aaf273347
                                                                                                                                                                                                              • Instruction ID: ddacbe4f89afc29ae3f8b0f9e5a9f06bb23b704c2ea11135194f01930fe32bf2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4135646233a09d1bafe58e36eb504b74d27aad0b28d423605d6bf35aaf273347
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1251C522A0864385EE60BB3DA4403BA6691BF45796F444131EF4D87BD7EE3DE547CB08

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF6B89C3804), ref: 00007FF6B89C36E1
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C3804), ref: 00007FF6B89C36EB
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B89C3706,?,00007FF6B89C3804), ref: 00007FF6B89C2C9E
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B89C3706,?,00007FF6B89C3804), ref: 00007FF6B89C2D63
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2C50: MessageBoxW.USER32 ref: 00007FF6B89C2D99
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                              • API String ID: 3187769757-2863816727
                                                                                                                                                                                                              • Opcode ID: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                              • Instruction ID: 9bbc9939f26fad8f8a94428238d5ca36628f64ae1656f0f886f58c7f0eccbe1d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6d8fde842cedad8fbf80b9c4aa3ce336361ac9392ce2c79ae57a11131fda94fc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F210C51A2C64385FE21B73DE8152B62250BF5835BF404131D76EC75D7EE2DE60A9B08

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 844 7ff6b89dbacc-7ff6b89dbaf2 845 7ff6b89dbaf4-7ff6b89dbb08 call 7ff6b89d4f58 call 7ff6b89d4f78 844->845 846 7ff6b89dbb0d-7ff6b89dbb11 844->846 862 7ff6b89dbefe 845->862 848 7ff6b89dbee7-7ff6b89dbef3 call 7ff6b89d4f58 call 7ff6b89d4f78 846->848 849 7ff6b89dbb17-7ff6b89dbb1e 846->849 865 7ff6b89dbef9 call 7ff6b89da950 848->865 849->848 851 7ff6b89dbb24-7ff6b89dbb52 849->851 851->848 854 7ff6b89dbb58-7ff6b89dbb5f 851->854 857 7ff6b89dbb61-7ff6b89dbb73 call 7ff6b89d4f58 call 7ff6b89d4f78 854->857 858 7ff6b89dbb78-7ff6b89dbb7b 854->858 857->865 860 7ff6b89dbee3-7ff6b89dbee5 858->860 861 7ff6b89dbb81-7ff6b89dbb87 858->861 866 7ff6b89dbf01-7ff6b89dbf18 860->866 861->860 867 7ff6b89dbb8d-7ff6b89dbb90 861->867 862->866 865->862 867->857 871 7ff6b89dbb92-7ff6b89dbbb7 867->871 873 7ff6b89dbbea-7ff6b89dbbf1 871->873 874 7ff6b89dbbb9-7ff6b89dbbbb 871->874 875 7ff6b89dbbf3-7ff6b89dbc1b call 7ff6b89dd66c call 7ff6b89da9b8 * 2 873->875 876 7ff6b89dbbc6-7ff6b89dbbdd call 7ff6b89d4f58 call 7ff6b89d4f78 call 7ff6b89da950 873->876 877 7ff6b89dbbe2-7ff6b89dbbe8 874->877 878 7ff6b89dbbbd-7ff6b89dbbc4 874->878 905 7ff6b89dbc1d-7ff6b89dbc33 call 7ff6b89d4f78 call 7ff6b89d4f58 875->905 906 7ff6b89dbc38-7ff6b89dbc63 call 7ff6b89dc2f4 875->906 910 7ff6b89dbd70 876->910 879 7ff6b89dbc68-7ff6b89dbc7f 877->879 878->876 878->877 882 7ff6b89dbc81-7ff6b89dbc89 879->882 883 7ff6b89dbcfa-7ff6b89dbd04 call 7ff6b89e398c 879->883 882->883 886 7ff6b89dbc8b-7ff6b89dbc8d 882->886 896 7ff6b89dbd8e 883->896 897 7ff6b89dbd0a-7ff6b89dbd1f 883->897 886->883 890 7ff6b89dbc8f-7ff6b89dbca5 886->890 890->883 894 7ff6b89dbca7-7ff6b89dbcb3 890->894 894->883 899 7ff6b89dbcb5-7ff6b89dbcb7 894->899 901 7ff6b89dbd93-7ff6b89dbdb3 ReadFile 896->901 897->896 902 7ff6b89dbd21-7ff6b89dbd33 
GetConsoleMode 897->902 899->883 904 7ff6b89dbcb9-7ff6b89dbcd1 899->904 907 7ff6b89dbead-7ff6b89dbeb6 GetLastError 901->907 908 7ff6b89dbdb9-7ff6b89dbdc1 901->908 902->896 909 7ff6b89dbd35-7ff6b89dbd3d 902->909 904->883 915 7ff6b89dbcd3-7ff6b89dbcdf 904->915 905->910 906->879 912 7ff6b89dbed3-7ff6b89dbed6 907->912 913 7ff6b89dbeb8-7ff6b89dbece call 7ff6b89d4f78 call 7ff6b89d4f58 907->913 908->907 917 7ff6b89dbdc7 908->917 909->901 911 7ff6b89dbd3f-7ff6b89dbd61 ReadConsoleW 909->911 914 7ff6b89dbd73-7ff6b89dbd7d call 7ff6b89da9b8 910->914 919 7ff6b89dbd63 GetLastError 911->919 920 7ff6b89dbd82-7ff6b89dbd8c 911->920 924 7ff6b89dbedc-7ff6b89dbede 912->924 925 7ff6b89dbd69-7ff6b89dbd6b call 7ff6b89d4eec 912->925 913->910 914->866 915->883 923 7ff6b89dbce1-7ff6b89dbce3 915->923 927 7ff6b89dbdce-7ff6b89dbde3 917->927 919->925 920->927 923->883 932 7ff6b89dbce5-7ff6b89dbcf5 923->932 924->914 925->910 927->914 934 7ff6b89dbde5-7ff6b89dbdf0 927->934 932->883 937 7ff6b89dbdf2-7ff6b89dbe0b call 7ff6b89db6e4 934->937 938 7ff6b89dbe17-7ff6b89dbe1f 934->938 944 7ff6b89dbe10-7ff6b89dbe12 937->944 940 7ff6b89dbe21-7ff6b89dbe33 938->940 941 7ff6b89dbe9b-7ff6b89dbea8 call 7ff6b89db524 938->941 945 7ff6b89dbe35 940->945 946 7ff6b89dbe8e-7ff6b89dbe96 940->946 941->944 944->914 948 7ff6b89dbe3a-7ff6b89dbe41 945->948 946->914 949 7ff6b89dbe43-7ff6b89dbe47 948->949 950 7ff6b89dbe7d-7ff6b89dbe88 948->950 951 7ff6b89dbe63 949->951 952 7ff6b89dbe49-7ff6b89dbe50 949->952 950->946 954 7ff6b89dbe69-7ff6b89dbe79 951->954 952->951 953 7ff6b89dbe52-7ff6b89dbe56 952->953 953->951 955 7ff6b89dbe58-7ff6b89dbe61 953->955 954->948 956 7ff6b89dbe7b 954->956 955->954 956->946
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              • Opcode ID: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                              • Instruction ID: 65702a074f8c5c2daf1091cca84bed673a6e00553a125be666fe3c2897204614
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 71330427dde7a49afb2283bb308656113f98e0c66a4f806cd66398b14c9322eb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2DC1B06294868781EF61AB3D94402BD6BA0FB81B82F554131EB4E837A3CF7CE457875C

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 995526605-0
                                                                                                                                                                                                              • Opcode ID: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                              • Instruction ID: 912ff3ee9080a712826ecfc5529b33235ebbde2657fb849586db079364eaa2d9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ccba17952e233d5b695068aab9421341a55ed3ebff0a2a14ee99ad80d8ea5500
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 22212821A0C64391DF10AB6DF454229A7A0FB857A2F100235D76D93AE7DE6DD4468B44

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8760: GetCurrentProcess.KERNEL32 ref: 00007FF6B89C8780
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8760: OpenProcessToken.ADVAPI32 ref: 00007FF6B89C8793
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8760: GetTokenInformation.KERNELBASE ref: 00007FF6B89C87B8
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8760: GetLastError.KERNEL32 ref: 00007FF6B89C87C2
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8760: GetTokenInformation.KERNELBASE ref: 00007FF6B89C8802
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8760: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF6B89C881E
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C8760: CloseHandle.KERNEL32 ref: 00007FF6B89C8836
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00007FF6B89C3C55), ref: 00007FF6B89C916C
                                                                                                                                                                                                              • LocalFree.KERNEL32(?,00007FF6B89C3C55), ref: 00007FF6B89C9175
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                                              • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                                              • API String ID: 6828938-1529539262
                                                                                                                                                                                                              • Opcode ID: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                              • Instruction ID: b05bf122bf8e3686780a12d3375ea8e4d1fa60ba704875a2a52fcbc672df9479
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 44a76ac2d965b652da6d7152683ffc914eb32e79e00aec7a7a922ce7c9633e88
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62215C21A1868385EE10BB3CE5152EA6660FF88782F440035EB4DD7787DF3DD9068B48

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CreateDirectoryW.KERNELBASE(00000000,?,00007FF6B89C352C,?,00000000,00007FF6B89C3F23), ref: 00007FF6B89C7F22
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CreateDirectory
                                                                                                                                                                                                              • String ID: %.*s$%s%c$\
                                                                                                                                                                                                              • API String ID: 4241100979-1685191245
                                                                                                                                                                                                              • Opcode ID: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                              • Instruction ID: 395edc12b299bdd02f02f9e3234a0ab3367993100d04c78dbb4e24f9d247b915
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b1106a047486010b66b16d7d561c3e0e79f8eec2dc114c611d5a943da294bb6a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B231FC216199C795EF21AB3DA4503AA6354EF44BE6F440231EB5DC37CBDE2CD2068B04
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B89DCFBB), ref: 00007FF6B89DD0EC
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B89DCFBB), ref: 00007FF6B89DD177
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ConsoleErrorLastMode
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 953036326-0
                                                                                                                                                                                                              • Opcode ID: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                              • Instruction ID: 5f50a05e528f84bc7d9c201e16a86be07a0f60d6d21495b9838b6e4b7dea5032
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6e58aef6e17acf8d0a0aea0d946e1cce7a25eacb923cf4c64ad3114965f560b8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4091B222B5865396FB64AF7D94402BD2BA0EB44B8AF145135DF0EA7686CE3CD447C708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _get_daylight$_isindst
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4170891091-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2780335769-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3251591375-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B89D58A9), ref: 00007FF6B89D59C7
                                                                                                                                                                                                              • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF6B89D58A9), ref: 00007FF6B89D59DD
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1707611234-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • RtlFreeHeap.NTDLL(?,?,?,00007FF6B89E2D92,?,?,?,00007FF6B89E2DCF,?,?,00000000,00007FF6B89E3295,?,?,?,00007FF6B89E31C7), ref: 00007FF6B89DA9CE
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6B89E2D92,?,?,?,00007FF6B89E2DCF,?,?,00000000,00007FF6B89E3295,?,?,?,00007FF6B89E31C7), ref: 00007FF6B89DA9D8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNELBASE(?,?,?,00007FF6B89DAA45,?,?,00000000,00007FF6B89DAAFA), ref: 00007FF6B89DAC36
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6B89DAA45,?,?,00000000,00007FF6B89DAAFA), ref: 00007FF6B89DAC40
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,00000000,00007FF6B89DB39A,?,?,?,00007FF6B89D4F81,?,?,?,?,00007FF6B89DA4FA), ref: 00007FF6B89DEC5D
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • HeapAlloc.KERNEL32(?,?,?,00007FF6B89D0D00,?,?,?,00007FF6B89D236A,?,?,?,?,?,00007FF6B89D3B59), ref: 00007FF6B89DD6AA
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AllocHeap
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4292702814-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                                              • API String ID: 199729137-3427451314
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                                              • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                              • API String ID: 808467561-2761157908
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FindFirstFileW.KERNEL32(?,00007FF6B89C8B09,00007FF6B89C3FA5), ref: 00007FF6B89C841B
                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?,00007FF6B89C8B09,00007FF6B89C3FA5), ref: 00007FF6B89C849E
                                                                                                                                                                                                              • DeleteFileW.KERNEL32(?,00007FF6B89C8B09,00007FF6B89C3FA5), ref: 00007FF6B89C84BD
                                                                                                                                                                                                              • FindNextFileW.KERNEL32(?,00007FF6B89C8B09,00007FF6B89C3FA5), ref: 00007FF6B89C84CB
                                                                                                                                                                                                              • FindClose.KERNEL32(?,00007FF6B89C8B09,00007FF6B89C3FA5), ref: 00007FF6B89C84DC
                                                                                                                                                                                                              • RemoveDirectoryW.KERNEL32(?,00007FF6B89C8B09,00007FF6B89C3FA5), ref: 00007FF6B89C84E5
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                                              • String ID: %s\*
                                                                                                                                                                                                              • API String ID: 1057558799-766152087
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                                              • API String ID: 0-2665694366
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3140674995-0
                                                                                                                                                                                                              • Opcode ID: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                              • Instruction ID: 06272c148057e5b5aeb3e57d34ce4768e8f8c1ac53afa89267e8539002f90db8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e81d7d82d421bb6c6595da19fcb57285cd54aee8b88ef40036ddb2a35706c3b0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 24315072618B8285EB609F68E8403EE3760FB94706F444039DB4D97B9ADF3CC549C714
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1239891234-0
                                                                                                                                                                                                              • Opcode ID: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                              • Instruction ID: 53cb2b9b51e5df7c0f0cd7bd12e1f8f6f80d899fe3ceb8d16f73ed0496f14d3e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 823e7cd4caae9fc37a1281b2c5c5551f9de180c5e8ac7c275112a8c84bbfd9bf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 43317132618B8286DB249B3DE8402AE77A0FB98755F540135EB8D87B66DF3CC556CB04
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2227656907-0
                                                                                                                                                                                                              • Opcode ID: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                              • Instruction ID: bb75ab84cdc1ab805395fbb4cf024b739ee57a3b1d7cf7875b44bf8f878fbace
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5fde642f47360a120b3bbdc49a752417dcdc94f7dd720a243365bab1f94d45be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3BB1C722B2868341EE61AB3D94001B96795FB84BE7F444131DF5E87B9AEE3CE446C308
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              • Opcode ID: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                              • Instruction ID: 8820fd2cea61b0883aab38b0aff117b86e8c7787ca50f64bb4e5f540d9fcbb8c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7e0dc91749b0d7e19b464317103f3c41f17e8dff95374d43b780ecdfe6bf67b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7E114C22B14B06CAEF00DB78E8442B933A4FB19759F440E31EB2D877A5DF38E1598344
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memcpy_s
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1502251526-0
                                                                                                                                                                                                              • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                              • Instruction ID: aeda178976678c8a9485bb438673b436a55d278c53a507ede0801e0d0b10bca5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AAC1F672B2868687EF249F2DE04466ABB91F794786F448134DB4E83B45DF3DE806CB44
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                                              • API String ID: 0-1127688429
                                                                                                                                                                                                              • Opcode ID: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                              • Instruction ID: 21d5900884d436ff1cab6bb854a982868a44df7741d04c8a7ed28cd088620da6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 41de47797cb66f1826093f4b1d60416fd99d26d25a53ce6bfd127eaa39bdfb5e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9CF175B2A142D68BEB99AB2D8088A3A3AE9FF44745F054534DB4987393CF39D542CB44
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 15204871-0
                                                                                                                                                                                                              • Opcode ID: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                              • Instruction ID: 50d7a7e62fb0d41b97948bb19f711b7d5850b32ad417a977147dc72aaf53ce95
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f74b2cda317b12825bead48c90720a79ba1abfeed249303701d480a1679e454
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 13B15A73A14B8A8BEB15DF2DC8863683BA0F784B4AF148821DB5D877A5CF39D456C704
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $
                                                                                                                                                                                                              • API String ID: 0-227171996
                                                                                                                                                                                                              • Opcode ID: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                              • Instruction ID: 05d4c8f9351b51ac87268720645acf13d543c3bad6f3e9caab1ae69fcb2977d9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3098a868bf4d382f942c0283459ab4806c0f53f7eb332f8174ba39f6fc7772a0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B2E1AF36A4864782EF68AE3D845013933A0EB45B4BF145275DF4E87696EF2DE843E70C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: incorrect header check$invalid window size
                                                                                                                                                                                                              • API String ID: 0-900081337
                                                                                                                                                                                                              • Opcode ID: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                              • Instruction ID: 0709742c724e83a727a870e0169b578df467059c814f7c5db9231cc517f10796
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5aba513b73eb8988df982bd12c0510577381bb82701c7147ce4cedc0b53fa8f7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92919672A1828787EBA49A2DC458B3E3AD9FB44355F114139DB4A876C3CF39E581CF04
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: e+000$gfff
                                                                                                                                                                                                              • API String ID: 0-3030954782
                                                                                                                                                                                                              • Opcode ID: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                              • Instruction ID: 80c2486aa4634d62213f1cf42594d6e9a634198f7440e2bcf7277b89921ca046
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b62be3d0480bbbd0e022829aa0980c84d51f153df7fa61e27e52cad2b39beef0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8D515672B1C2C286EB249A3DD80076D7B91E744B95F489231CBAC87AC6CE3DE446C708
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                                                                              • API String ID: 0-1523873471
                                                                                                                                                                                                              • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                              • Instruction ID: 5a18305e26580132992bf75db3065b045315c157fe0c1ee7927c7f07dab0b495
                                                                                                                                                                                                              • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEA13562A4878647EF21DF3DA4007A97B91AB65BC4F048131DF8D87B96DE3DE502C709
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: TMP
                                                                                                                                                                                                              • API String ID: 3215553584-3125297090
                                                                                                                                                                                                              • Opcode ID: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                              • Instruction ID: 11006b3684a909cfee73644397585a26f46fb31a8c3512c3959787b03b9e6e3e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5f14576829c2a404d65bc8e6713cc3c63392e5e443677cfdf71167dbae88db0a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65517815B5864342EE68BB3E590127A5290AF84B86B488834DF5EE7797EE3CE457830C
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: HeapProcess
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 54951025-0
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFreeHeapLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 485612231-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C5830
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C5842
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C5879
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C588B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C58A4
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C58B6
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C58CF
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C58E1
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C58FD
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C590F
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C592B
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C593D
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C5959
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C596B
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C5987
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C5999
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C59B5
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C64BF,?,00007FF6B89C336E), ref: 00007FF6B89C59C7
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressErrorLastProc
                                                                                                                                                                                                              • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                                              • API String ID: 199729137-653951865
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6B89C45E4,00000000,00007FF6B89C1985), ref: 00007FF6B89C9439
                                                                                                                                                                                                              • ExpandEnvironmentStringsW.KERNEL32(?,00007FF6B89C88A7,?,?,00000000,00007FF6B89C3CBB), ref: 00007FF6B89C821C
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2810: MessageBoxW.USER32 ref: 00007FF6B89C28EA
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                                              • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                                              • API String ID: 1662231829-930877121
                                                                                                                                                                                                              • Opcode ID: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                              • Instruction ID: b280bb79e32acc7b73c5445274ce3a277d9bbba9fc200a3eeaaa1eadd1123742
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e491f33a4545c5dc9e33b4da933e1c9d98f9a36929a11ac7b8a73595df86892f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B8519211A2864391FF50BB3DE8552BA6250BF94783F444432EB0ED3697EF2DE5078B48
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                              • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                              • Instruction ID: f34f0ceec0b866bf32b4bf4c4c74426cc33999bde5110d526174f7a492ce8585
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2251F8266147A286DA349F3AE4181BAB7A1F798B62F004131EFDF83695DF3CD046DB14
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                                              • String ID: Needs to remove its temporary files.
                                                                                                                                                                                                              • API String ID: 3975851968-2863640275
                                                                                                                                                                                                              • Opcode ID: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                              • Instruction ID: c6b60cc83c5ad9a3c51aa5c5a5ed9d2514181c9de800193611fcbb5336b64ba0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b4b32be61da5f45784fe9fe2f7d724fb74bbaf2a32eb33803c40e4204126e7e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1521B421B28A43D2EF41AB7EA8441796690FF88BA3F084130DB2DD3397DE2CD5868704
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: -$:$f$p$p
                                                                                                                                                                                                              • API String ID: 3215553584-2013873522
                                                                                                                                                                                                              • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                              • Instruction ID: 7902114eceec43494a8a0923b4069406f787da6730abb7eb3a24930b8524e8af
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D4128062A4C24386FF65BE2CD15427A7691FB80752FC44035E78A876C6DF3CE5828B8C
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: f$f$p$p$f
                                                                                                                                                                                                              • API String ID: 3215553584-1325933183
                                                                                                                                                                                                              • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                              • Instruction ID: 945b9ab049fc3dfa1a88a27ee724233160ad255513f0df27edad8d51c2d791ec
                                                                                                                                                                                                              • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10125123E4C14386FF24BA6DE0546B9E661EB40756F984035E799C79C6DF7CE4828B0C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                                              • String ID: csm$csm$csm
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF6B89DF11A,?,?,0000025CAF568528,00007FF6B89DADC3,?,?,?,00007FF6B89DACBA,?,?,?,00007FF6B89D5FAE), ref: 00007FF6B89DEEFC
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF6B89DF11A,?,?,0000025CAF568528,00007FF6B89DADC3,?,?,?,00007FF6B89DACBA,?,?,?,00007FF6B89D5FAE), ref: 00007FF6B89DEF08
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressFreeLibraryProc
                                                                                                                                                                                                              • String ID: api-ms-$ext-ms-
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B89C3706,?,00007FF6B89C3804), ref: 00007FF6B89C2C9E
                                                                                                                                                                                                              • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B89C3706,?,00007FF6B89C3804), ref: 00007FF6B89C2D63
                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF6B89C2D99
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                                              • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6B89CDFEA,?,?,?,00007FF6B89CDCDC,?,?,?,00007FF6B89CD8D9), ref: 00007FF6B89CDDBD
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6B89CDFEA,?,?,?,00007FF6B89CDCDC,?,?,?,00007FF6B89CD8D9), ref: 00007FF6B89CDDCB
                                                                                                                                                                                                              • LoadLibraryExW.KERNEL32(?,?,?,00007FF6B89CDFEA,?,?,?,00007FF6B89CDCDC,?,?,?,00007FF6B89CD8D9), ref: 00007FF6B89CDDF5
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,?,00007FF6B89CDFEA,?,?,?,00007FF6B89CDCDC,?,?,?,00007FF6B89CD8D9), ref: 00007FF6B89CDE63
                                                                                                                                                                                                              • GetProcAddress.KERNEL32(?,?,?,00007FF6B89CDFEA,?,?,?,00007FF6B89CDCDC,?,?,?,00007FF6B89CD8D9), ref: 00007FF6B89CDE6F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                                              • String ID: api-ms-
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                              • API String ID: 2050909247-2434346643
                                                                                                                                                                                                              • Opcode ID: 5c7507e70d60f0fb7e3c9a3209df06ed2678ab3c183624e845013dd92edd1fac
                                                                                                                                                                                                              • Instruction ID: 4414a2a90da0d4269104e72169cfe37d79cecd48ec7bae4fb1d1d261909439ce
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5c7507e70d60f0fb7e3c9a3209df06ed2678ab3c183624e845013dd92edd1fac
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9C413121A18A8791EE11EB3CE4542F96761FB94346F800136EB6D83697EF3DE607CB44
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF6B89C351A,?,00000000,00007FF6B89C3F23), ref: 00007FF6B89C2AA0
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                              • API String ID: 2050909247-2900015858
                                                                                                                                                                                                              • Opcode ID: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                              • Instruction ID: 9aad03de028c65fd458f04a37d08ab6b6320f5dad0d459d2bc587f9074400761
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2c88a21be5af21f56a68c86fdca39687fee9058fd376c6caa55945c458c4d180
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E421743261878282EA11AB6DB8417E66794BB887C5F400132FF8D9365ADF7CD14A8748
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                              • Opcode ID: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                              • Instruction ID: 02fbf19427fcc1972e86dada9fbc25126263d1da14585ac502e35559c473a5ad
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a5225a2428ee1ea558fded41feed7619df648b57a5ff038aad9245715dd51944
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7211921F88247C2FE68777E965213D51825F647A2F444634EB2E87ADBDE2CA412430C
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                                              • String ID: CONOUT$
                                                                                                                                                                                                              • API String ID: 3230265001-3130406586
                                                                                                                                                                                                              • Opcode ID: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                              • Instruction ID: fe654bfbe25c9a4b7689c41feb7a93bc9fab4b6175df718c76c510aee5bb5c8b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5493e4d9a44aaf731d1a805f3958d18bb0ed212be4b6a830fa2bcaabe5bc997c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB11B721728A4282EB509B6EF84432966A0FB58BE6F040234EB5DD77A5CF3CD4058744
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcess.KERNEL32(?,?,?,00000000,00007FF6B89C9216), ref: 00007FF6B89C8592
                                                                                                                                                                                                              • K32EnumProcessModules.KERNEL32(?,?,00000000,00007FF6B89C9216), ref: 00007FF6B89C85E9
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6B89C45E4,00000000,00007FF6B89C1985), ref: 00007FF6B89C9439
                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6B89C9216), ref: 00007FF6B89C8678
                                                                                                                                                                                                              • K32GetModuleFileNameExW.KERNEL32(?,?,00000000,00007FF6B89C9216), ref: 00007FF6B89C86E4
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,00000000,00007FF6B89C9216), ref: 00007FF6B89C86F5
                                                                                                                                                                                                              • FreeLibrary.KERNEL32(?,?,00000000,00007FF6B89C9216), ref: 00007FF6B89C870A
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3462794448-0
                                                                                                                                                                                                              • Opcode ID: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                              • Instruction ID: 56f999d07990cc877b95ff9dc5d0b59bd81f074af6016b952363bd5f2c378db0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b52d66e3f6483ee012b3a88bb9869cc1030523c4b2827b1d8d4a1b21ae680e9c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F741A662B1968355EE30AB2DA5406AA6394FF84BC6F440035DF5DE7787EE3DD502CB08
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6B89D4F81,?,?,?,?,00007FF6B89DA4FA,?,?,?,?,00007FF6B89D71FF), ref: 00007FF6B89DB347
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6B89D4F81,?,?,?,?,00007FF6B89DA4FA,?,?,?,?,00007FF6B89D71FF), ref: 00007FF6B89DB37D
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6B89D4F81,?,?,?,?,00007FF6B89DA4FA,?,?,?,?,00007FF6B89D71FF), ref: 00007FF6B89DB3AA
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6B89D4F81,?,?,?,?,00007FF6B89DA4FA,?,?,?,?,00007FF6B89D71FF), ref: 00007FF6B89DB3BB
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6B89D4F81,?,?,?,?,00007FF6B89DA4FA,?,?,?,?,00007FF6B89D71FF), ref: 00007FF6B89DB3CC
                                                                                                                                                                                                              • SetLastError.KERNEL32(?,?,?,00007FF6B89D4F81,?,?,?,?,00007FF6B89DA4FA,?,?,?,?,00007FF6B89D71FF), ref: 00007FF6B89DB3E7
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value$ErrorLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2506987500-0
                                                                                                                                                                                                              • Opcode ID: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                                              • Instruction ID: e2575a778de4c8feed1a3fc65d183f0898983a8ad63229ea0c1b0935e46b3785
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f3ef772190a77067448dcdc891e93f0fce571c39ad65bd9bbfe034f894ce387b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C114921B8D24382FE68773D9A9113DA1825F447A2F444734EA2EC7BD7DE2CA413930C
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6B89C1B6A), ref: 00007FF6B89C295E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                                              • API String ID: 2050909247-2962405886
                                                                                                                                                                                                              • Opcode ID: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                              • Instruction ID: 1fac28c7376f8f9fc206e13f206aae5c6149f2a47509b96387162aa8afe235c0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e805cce3db004805378da731f60641a61a9f8723a57293993104ba7ce00817f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8431A422B1868252EB10A77DA8406E66695BF887D6F400132FF8DD3757DE3CD54B8708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                              • API String ID: 3081866767-2699770090
                                                                                                                                                                                                              • Opcode ID: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                              • Instruction ID: c753fce0fefb2aeb087b0b84059fe3d545b4033167b4bfc9f5cdbc90d99b71ef
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 39c06ba8bf9b0b274a05e8f7e17acb9149a8f0f807fdaf6a00a55f32f6777a83
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79315E2261868389EB24EB7DE8552F96760FF88785F440135EB4E87A5ADF3CD1068708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF6B89C918F,?,00007FF6B89C3C55), ref: 00007FF6B89C2BA0
                                                                                                                                                                                                              • MessageBoxW.USER32 ref: 00007FF6B89C2C2A
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentMessageProcess
                                                                                                                                                                                                              • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                                              • API String ID: 1672936522-3797743490
                                                                                                                                                                                                              • Opcode ID: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                              • Instruction ID: a085fe5e0120bd8020aa3a52dcdc97b5217150a15fe373161616a08e5151286f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9e6d9589c2ecbe46adae8e106eadd318faf54c8367477cb0129d25f7ec3a12f1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8421A662718B4282EB11AB6CF8447EA6754FB88786F400135EB8D97657DE3CD24AC744
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF6B89C1B99), ref: 00007FF6B89C2760
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                                              • API String ID: 2050909247-1591803126
                                                                                                                                                                                                              • Opcode ID: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                              • Instruction ID: 9d639b018d17fc80f6454e072e17e1d9f24877b5fb14883038aef4580cdd89b9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16defea7d45dc340f891dcb1518e5bd63c50e449678e4b46de0281de23a8290b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8121867261878282EB10EB6DB8417EA6794FB88785F400131FF8D9365BDF7CD14A8B48
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                              • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                              • API String ID: 4061214504-1276376045
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _set_statfp
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1156100317-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • FlsGetValue.KERNEL32(?,?,?,00007FF6B89DA613,?,?,00000000,00007FF6B89DA8AE,?,?,?,?,?,00007FF6B89DA83A), ref: 00007FF6B89DB41F
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6B89DA613,?,?,00000000,00007FF6B89DA8AE,?,?,?,?,?,00007FF6B89DA83A), ref: 00007FF6B89DB43E
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6B89DA613,?,?,00000000,00007FF6B89DA8AE,?,?,?,?,?,00007FF6B89DA83A), ref: 00007FF6B89DB466
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6B89DA613,?,?,00000000,00007FF6B89DA8AE,?,?,?,?,?,00007FF6B89DA83A), ref: 00007FF6B89DB477
                                                                                                                                                                                                              • FlsSetValue.KERNEL32(?,?,?,00007FF6B89DA613,?,?,00000000,00007FF6B89DA8AE,?,?,?,?,?,00007FF6B89DA83A), ref: 00007FF6B89DB488
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Value
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3702945584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: verbose
                                                                                                                                                                                                              • API String ID: 3215553584-579935070
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                                              • API String ID: 3215553584-1196891531
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                              • API String ID: 2395640692-1018135373
                                                                                                                                                                                                              • Opcode ID: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                              • Instruction ID: b19714d0322e1c6987de12203d1c2e82c5d239cd65374fe384076b29337c7c00
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7f5fdff7c0b40b6635b3f9850cf21a5be83d788788a684f503aa9329af71794
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C8518022B196438AEF14AB2ED444A786791EB44F99F104135DB4E87747DF7EE842CB04
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                                              • String ID: csm$csm
                                                                                                                                                                                                              • API String ID: 3896166516-3733052814
                                                                                                                                                                                                              • Opcode ID: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                              • Instruction ID: e4ea1bc4ab7a8c69ae01b24383b9b2194c2b3497379fcdfe04df40980a78da9a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b872e8f6993e9c5779cc40e3c84c693849f7921638dfce8d08fafba9ab8d571
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1B518F7290828386EE64AF3DD04437876A0EB55B86F144136DB5D87B97CF7DE4528B08
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CallEncodePointerTranslator
                                                                                                                                                                                                              • String ID: MOC$RCC
                                                                                                                                                                                                              • API String ID: 3544855599-2084237596
                                                                                                                                                                                                              • Opcode ID: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                              • Instruction ID: 77f6b7cbabfd3fcc31ac1ddb39529f84c7d6ab78bef11eeb00fc4570b38ad409
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1984f943fe60021c6db05f5888f7dd086acc6d0e2a461e0c712dd9be4fa02006
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA619432908BC681DB60DB2DE4403AAB7A0FB85B95F044225EB9D47B57DF7DD191CB04
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message
                                                                                                                                                                                                              • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                                              • API String ID: 2030045667-255084403
                                                                                                                                                                                                              • Opcode ID: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                              • Instruction ID: 87de39233e6bd5ba0febe62f50b051c69a2168c354e1ec4e7db7af6f0b8805fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d0f77ace03032ad826a8cfca47aff52564341a40e7b1b64160a5aa56c6ce0663
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3C21D662718B4281EB11AB6CF4407EA6750FB88786F400131EB8D93657DE3CD24AC704
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2718003287-0
                                                                                                                                                                                                              • Opcode ID: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                              • Instruction ID: ad9a45c16640b3ee7efe325e5a2a403cdb1245a63e57bef53829a93cc788339b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ea6e931977968e7606fd026366deb17473f9f47aeaf25dd19fcfb7bb3399e1d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A7D1E372B18A828AEB11DF7DD4401AC3771FB54799B448226DF6D97B8ADE38D007C748
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1956198572-0
                                                                                                                                                                                                              • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                              • Instruction ID: fd69e71c8277b2d4c2bce4b5b499aed6254e1f2a462c94190bf06185a9a8d779
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3011E921B1C14382FF55A7BEE5442795292FF88782F844031DB4947B8BDD3ED4868708
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: ?
                                                                                                                                                                                                              • API String ID: 1286766494-1684325040
                                                                                                                                                                                                              • Opcode ID: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                              • Instruction ID: 023ee9dfaba1c727d5d50f636bf3379c4bbc9fb874e65157583d7af21572c55f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 49037f27f8a3fd0af602071961786b5c11050eb40cc6520dd4d88adff463e317
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8241F712A2868346FF24AB3D98513795B90FB90BA7F144235EF5C87ADADE3CD446C708
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _invalid_parameter_noinfo.LIBCMT ref: 00007FF6B89D90B6
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89DA9B8: RtlFreeHeap.NTDLL(?,?,?,00007FF6B89E2D92,?,?,?,00007FF6B89E2DCF,?,?,00000000,00007FF6B89E3295,?,?,?,00007FF6B89E31C7), ref: 00007FF6B89DA9CE
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89DA9B8: GetLastError.KERNEL32(?,?,?,00007FF6B89E2D92,?,?,?,00007FF6B89E2DCF,?,?,00000000,00007FF6B89E3295,?,?,?,00007FF6B89E31C7), ref: 00007FF6B89DA9D8
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF6B89CCC15), ref: 00007FF6B89D90D4
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: C:\Users\user\Desktop\rvigVjH6wf.exe
                                                                                                                                                                                                              • API String ID: 3580290477-1486766731
                                                                                                                                                                                                              • Opcode ID: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                              • Instruction ID: 6a6ee671600875752b64ec00d9ca204b389725ff57f4f3c506e9de2e7a352bd7
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6949f310d66ea20a01752be9fefe254e5f7f697695929ffcc1b4329691481a3a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E417932A48B1386EB15BF3DA8901B867E5EB45781B555035EB4E83B96DE3CE4938308
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastWrite
                                                                                                                                                                                                              • String ID: U
                                                                                                                                                                                                              • API String ID: 442123175-4171548499
                                                                                                                                                                                                              • Opcode ID: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                              • Instruction ID: aa17bca2506d69492164982aaf3d9a4f35b3235122c7cc9a2971315e117439fc
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 476bd95e1daeb27f29af256220462f16043a6e728498dde3caabbd6ec9016d26
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5B41B432B19A4285DB209F2DE8443A96BA0FB98795F444031EF4DC7B99EF3CD402C748
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentDirectory
                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                              • API String ID: 1611563598-336475711
                                                                                                                                                                                                              • Opcode ID: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                              • Instruction ID: 035a7c6edc0c2b7e62e5f684bac726fa2148272b80ba43b3fb4d0a3501a9554d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d6dc5ef3b9a701496246f0bbbe5215094a09db29d56a445c076fb19df1080212
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0321E932A0828782FF24AB3DD44516D73B1FB84B46F958035E78D83A96DF7CE9468748
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                                              • String ID: csm
                                                                                                                                                                                                              • API String ID: 2573137834-1018135373
                                                                                                                                                                                                              • Opcode ID: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                              • Instruction ID: d7d4c2e24f73c6b0d6454b984dca9207b62250ba0a0990242ad8b1b40af24a57
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f0f6445cfedea8dceb7eb9436a550d57130d2c9509dbddfada5299d94659d4a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD115E32618B8282EF219F29F44025977E0FB88B85F584230DB8D47B56DF7DC5528B04
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000000.00000002.3070621206.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070604049.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070657457.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070680666.00007FF6B8A02000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              • Associated: 00000000.00000002.3070717471.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID: :
                                                                                                                                                                                                              • API String ID: 2595371189-336475711
                                                                                                                                                                                                              • Opcode ID: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                              • Instruction ID: 9bff871f1c52910d50008b156fdd2d252f24b9d54c305b8837f059957b6d19c6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 12447209ac998d916ea5af24bee96286b8310982615a7f3bb8f9e7bff02e83a7
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA01752291C20385FF20BB7C946527E2AA0FF54706F840435D74DC7692DE2DE5068B1C

                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                              Execution Coverage:1.4%
                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                              Signature Coverage:5.3%
                                                                                                                                                                                                              Total number of Nodes:966
                                                                                                                                                                                                              Total number of Limit Nodes:47
91662->91528 91664 7ff6b89c932f FindClose 91663->91664 91665 7ff6b89c9342 91663->91665 91664->91665 91666 7ff6b89cc5c0 _log10_special 8 API calls 91665->91666 91667 7ff6b89c371a 91666->91667 91667->91537 91667->91538 91668->91550 91669->91544 91670->91549 91671->91542 91672->91550 91673->91567 91674->91559 91675->91573 91676->91559 91677->91579 91678->91559 91679->91590 91680->91559 91681->91597 91682->91559 91683->91598 91684->91559 91685->91611 91687 7ff6b89c6365 91686->91687 91688 7ff6b89c1c80 49 API calls 91687->91688 91689 7ff6b89c63a1 91688->91689 91690 7ff6b89c63cd 91689->91690 91691 7ff6b89c63aa 91689->91691 91693 7ff6b89c4620 49 API calls 91690->91693 91774 7ff6b89c2710 54 API calls _log10_special 91691->91774 91696 7ff6b89c63e5 91693->91696 91694 7ff6b89c63c3 91699 7ff6b89cc5c0 _log10_special 8 API calls 91694->91699 91695 7ff6b89c6403 91764 7ff6b89c4550 91695->91764 91696->91695 91775 7ff6b89c2710 54 API calls _log10_special 91696->91775 91701 7ff6b89c336e 91699->91701 91701->91622 91717 7ff6b89c64f0 91701->91717 91702 7ff6b89c641b 91704 7ff6b89c4620 49 API calls 91702->91704 91703 7ff6b89c9070 3 API calls 91703->91702 91705 7ff6b89c6434 91704->91705 91706 7ff6b89c6459 91705->91706 91707 7ff6b89c6439 91705->91707 91770 7ff6b89c9070 91706->91770 91776 7ff6b89c2710 54 API calls _log10_special 91707->91776 91710 7ff6b89c6466 91711 7ff6b89c64b1 91710->91711 91712 7ff6b89c6472 91710->91712 91778 7ff6b89c5820 137 API calls 91711->91778 91713 7ff6b89c9400 2 API calls 91712->91713 91715 7ff6b89c648a GetLastError 91713->91715 91777 7ff6b89c2c50 51 API calls _log10_special 91715->91777 91779 7ff6b89c53f0 91717->91779 91719 7ff6b89c6516 91720 7ff6b89c652f 91719->91720 91721 7ff6b89c651e 91719->91721 91786 7ff6b89c4c80 91720->91786 91804 7ff6b89c2710 54 API calls _log10_special 91721->91804 91725 7ff6b89c654c 91729 7ff6b89c655c 91725->91729 91731 7ff6b89c656d 91725->91731 91726 7ff6b89c653b 91805 7ff6b89c2710 54 API calls _log10_special 91726->91805 91728 
7ff6b89c652a 91728->91618 91806 7ff6b89c2710 54 API calls _log10_special 91729->91806 91732 7ff6b89c659d 91731->91732 91733 7ff6b89c658c 91731->91733 91735 7ff6b89c65bd 91732->91735 91736 7ff6b89c65ac 91732->91736 91807 7ff6b89c2710 54 API calls _log10_special 91733->91807 91790 7ff6b89c4d40 91735->91790 91808 7ff6b89c2710 54 API calls _log10_special 91736->91808 91740 7ff6b89c65dd 91743 7ff6b89c65fd 91740->91743 91744 7ff6b89c65ec 91740->91744 91741 7ff6b89c65cc 91809 7ff6b89c2710 54 API calls _log10_special 91741->91809 91746 7ff6b89c660f 91743->91746 91748 7ff6b89c6620 91743->91748 91810 7ff6b89c2710 54 API calls _log10_special 91744->91810 91811 7ff6b89c2710 54 API calls _log10_special 91746->91811 91751 7ff6b89c664a 91748->91751 91812 7ff6b89d7320 73 API calls 91748->91812 91750 7ff6b89c6638 91813 7ff6b89d7320 73 API calls 91750->91813 91751->91728 91814 7ff6b89c2710 54 API calls _log10_special 91751->91814 91755 7ff6b89c6060 91754->91755 91755->91755 91756 7ff6b89c6089 91755->91756 91760 7ff6b89c60a0 __std_exception_destroy 91755->91760 91816 7ff6b89c2710 54 API calls _log10_special 91756->91816 91758 7ff6b89c6095 91758->91620 91759 7ff6b89c1470 116 API calls 91759->91760 91760->91759 91761 7ff6b89c2710 54 API calls 91760->91761 91762 7ff6b89c61ab 91760->91762 91761->91760 91762->91620 91763->91622 91765 7ff6b89c455a 91764->91765 91766 7ff6b89c9400 2 API calls 91765->91766 91767 7ff6b89c457f 91766->91767 91768 7ff6b89cc5c0 _log10_special 8 API calls 91767->91768 91769 7ff6b89c45a7 91768->91769 91769->91702 91769->91703 91771 7ff6b89c9400 2 API calls 91770->91771 91772 7ff6b89c9084 LoadLibraryExW 91771->91772 91773 7ff6b89c90a3 __std_exception_destroy 91772->91773 91773->91710 91774->91694 91775->91695 91776->91694 91777->91694 91778->91694 91780 7ff6b89c541c 91779->91780 91781 7ff6b89c5424 91780->91781 91784 7ff6b89c55c4 91780->91784 91815 7ff6b89d6b14 48 API calls 91780->91815 91781->91719 91782 7ff6b89c5787 __std_exception_destroy 91782->91719 91783 
7ff6b89c47c0 47 API calls 91783->91784 91784->91782 91784->91783 91787 7ff6b89c4cb0 91786->91787 91788 7ff6b89cc5c0 _log10_special 8 API calls 91787->91788 91789 7ff6b89c4d1a 91788->91789 91789->91725 91789->91726 91791 7ff6b89c4d55 91790->91791 91792 7ff6b89c1c80 49 API calls 91791->91792 91793 7ff6b89c4da1 91792->91793 91794 7ff6b89c1c80 49 API calls 91793->91794 91803 7ff6b89c4e23 __std_exception_destroy 91793->91803 91796 7ff6b89c4de0 91794->91796 91795 7ff6b89cc5c0 _log10_special 8 API calls 91797 7ff6b89c4e6e 91795->91797 91798 7ff6b89c9400 2 API calls 91796->91798 91796->91803 91797->91740 91797->91741 91799 7ff6b89c4df6 91798->91799 91800 7ff6b89c9400 2 API calls 91799->91800 91801 7ff6b89c4e0d 91800->91801 91802 7ff6b89c9400 2 API calls 91801->91802 91802->91803 91803->91795 91804->91728 91805->91728 91806->91728 91807->91728 91808->91728 91809->91728 91810->91728 91811->91728 91812->91750 91813->91751 91814->91728 91815->91780 91816->91758 91818 7ff6b89d7968 91817->91818 91821 7ff6b89d7444 91818->91821 91820 7ff6b89d7981 91820->91632 91822 7ff6b89d748e 91821->91822 91823 7ff6b89d745f 91821->91823 91831 7ff6b89d54dc EnterCriticalSection 91822->91831 91832 7ff6b89da884 37 API calls 2 library calls 91823->91832 91826 7ff6b89d7493 91828 7ff6b89d74b0 38 API calls 91826->91828 91827 7ff6b89d747f 91827->91820 91829 7ff6b89d749f 91828->91829 91830 7ff6b89d54e8 _fread_nolock LeaveCriticalSection 91829->91830 91830->91827 91832->91827 91156 7ffe11ea3ab0 PyFrozenSet_New 91157 7ffe11ea3b0f 91156->91157 91158 7ffe11ea3ad3 EVP_MD_do_all_provided 91156->91158 91159 7ffe11ea5422 91158->91159 91160 7ffe11ea3af2 PyModule_AddObject 91158->91160 91159->91157 91161 7ffe11ea543a _Py_Dealloc 91159->91161 91160->91157 91160->91159 91161->91157 91162 7ffe0ec481d8 91164 7ffe0ec48204 91162->91164 91163 7ffe0ec4822e _PyArg_UnpackKeywords 91165 7ffe0ec482ac 91163->91165 91166 7ffe0ec4826b 91163->91166 91164->91163 91164->91166 91204 7ffe0ec42680 8 API calls 2 library calls 
91165->91204 91170 7ffe0ec482cc _errno 91166->91170 91169 7ffe0ec482bf 91171 7ffe0ec4835a PyUnicode_FSConverter 91170->91171 91175 7ffe0ec48330 91170->91175 91174 7ffe0ec4836b PyErr_ExceptionMatches 91171->91174 91171->91175 91172 7ffe0ec48335 91176 7ffe0ec4833e 91172->91176 91179 7ffe0ec48436 91172->91179 91180 7ffe0ec4845a PyObject_CheckBuffer 91172->91180 91181 7ffe0ec483db PyUnicode_AsASCIIString 91172->91181 91173 7ffe0ec48391 PyUnicode_FSConverter 91173->91172 91177 7ffe0ec483a2 PyErr_ExceptionMatches 91173->91177 91174->91176 91190 7ffe0ec4854a 91174->91190 91175->91172 91175->91173 91178 7ffe0ec48345 PyErr_SetString 91176->91178 91177->91176 91177->91190 91178->91190 91188 7ffe0ec484e9 PyEval_SaveThread SSL_CTX_load_verify_locations PyEval_RestoreThread 91179->91188 91179->91190 91180->91176 91182 7ffe0ec48464 PyObject_GetBuffer 91180->91182 91184 7ffe0ec4840d 91181->91184 91185 7ffe0ec483e9 PyErr_ExceptionMatches 91181->91185 91189 7ffe0ec4847c PyBuffer_IsContiguous 91182->91189 91182->91190 91183 7ffe0ec48566 91186 7ffe0ec48580 91183->91186 91196 7ffe0ec4857a _Py_Dealloc 91183->91196 91205 7ffe0ec44d0c 46 API calls 91184->91205 91185->91176 91185->91190 91186->91165 91188->91190 91192 7ffe0ec48511 _errno 91188->91192 91193 7ffe0ec484be PyBuffer_Release 91189->91193 91194 7ffe0ec4848c 91189->91194 91190->91183 91195 7ffe0ec48560 _Py_Dealloc 91190->91195 91191 7ffe0ec48420 91191->91179 91201 7ffe0ec4842d _Py_Dealloc 91191->91201 91197 7ffe0ec48534 91192->91197 91198 7ffe0ec4851c PyErr_SetFromErrno ERR_clear_error 91192->91198 91193->91178 91194->91193 91199 7ffe0ec48491 91194->91199 91195->91183 91196->91186 91207 7ffe0ec46554 31 API calls 91197->91207 91198->91190 91206 7ffe0ec44d0c 46 API calls 91199->91206 91201->91179 91203 7ffe0ec484a7 PyBuffer_Release 91203->91179 91203->91190 91204->91169 91205->91191 91206->91203 91207->91190 91208 7ff6b89d5698 91209 7ff6b89d56b2 91208->91209 91210 7ff6b89d56cf 91208->91210 91233 7ff6b89d4f58 11 API calls 
_get_daylight 91209->91233 91210->91209 91212 7ff6b89d56e2 CreateFileW 91210->91212 91213 7ff6b89d574c 91212->91213 91214 7ff6b89d5716 91212->91214 91237 7ff6b89d5c74 46 API calls 3 library calls 91213->91237 91236 7ff6b89d57ec 59 API calls 3 library calls 91214->91236 91215 7ff6b89d56b7 91234 7ff6b89d4f78 11 API calls _get_daylight 91215->91234 91219 7ff6b89d5724 91222 7ff6b89d5741 CloseHandle 91219->91222 91223 7ff6b89d572b CloseHandle 91219->91223 91220 7ff6b89d5751 91224 7ff6b89d5755 91220->91224 91225 7ff6b89d5780 91220->91225 91221 7ff6b89d56bf 91235 7ff6b89da950 37 API calls _invalid_parameter_noinfo 91221->91235 91227 7ff6b89d56ca 91222->91227 91223->91227 91238 7ff6b89d4eec 11 API calls 2 library calls 91224->91238 91239 7ff6b89d5a34 51 API calls 91225->91239 91230 7ff6b89d578d 91240 7ff6b89d5b70 21 API calls _fread_nolock 91230->91240 91232 7ff6b89d575f 91232->91227 91233->91215 91234->91221 91235->91227 91236->91219 91237->91220 91238->91232 91239->91230 91240->91232

Control-flow Graph

Memory Dump Source
• Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
• Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
Similarity
• API ID: Y_asn1_find_strY_asn1_get0_info$E_fetchH_fetch$D_get_sizeE_freeH_freeR_pop_to_markR_set_mark
• String ID: $ $ $ $DSA$ECDH$ECDSA$gost-mac$gost-mac-12$gost2001$gost2012_256$gost2012_512$kuznyechik-mac$magma-mac
• API String ID: 4252356852-365409564
• Opcode ID: 7caece2b3d371fe002a5019b5f5ffa2af5cf230c7cefdfd470046396768acd30
• Instruction ID: 530c697b8931833a479fa8bbdc10c4c9022d4eb354f46611694b5462eae14e59
• Opcode Fuzzy Hash: 7caece2b3d371fe002a5019b5f5ffa2af5cf230c7cefdfd470046396768acd30
• Instruction Fuzzy Hash: 43E1BF72A05B9286EB51DF34D8906E937E0FB44798F056139EE4E4E6A9DF3CE090CB00

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              control_flow_graph 146 7ff6b89c1000-7ff6b89c3806 call 7ff6b89cfe88 call 7ff6b89cfe90 call 7ff6b89cc8c0 call 7ff6b89d5460 call 7ff6b89d54f4 call 7ff6b89c36b0 160 7ff6b89c3814-7ff6b89c3836 call 7ff6b89c1950 146->160 161 7ff6b89c3808-7ff6b89c380f 146->161 167 7ff6b89c383c-7ff6b89c3856 call 7ff6b89c1c80 160->167 168 7ff6b89c391b-7ff6b89c3931 call 7ff6b89c45b0 160->168 162 7ff6b89c3c97-7ff6b89c3cb2 call 7ff6b89cc5c0 161->162 172 7ff6b89c385b-7ff6b89c389b call 7ff6b89c8a20 167->172 173 7ff6b89c3933-7ff6b89c3960 call 7ff6b89c7f80 168->173 174 7ff6b89c396a-7ff6b89c397f call 7ff6b89c2710 168->174 181 7ff6b89c38c1-7ff6b89c38cc call 7ff6b89d4fa0 172->181 182 7ff6b89c389d-7ff6b89c38a3 172->182 184 7ff6b89c3984-7ff6b89c39a6 call 7ff6b89c1c80 173->184 185 7ff6b89c3962-7ff6b89c3965 call 7ff6b89d00bc 173->185 186 7ff6b89c3c8f 174->186 194 7ff6b89c38d2-7ff6b89c38e1 call 7ff6b89c8a20 181->194 195 7ff6b89c39fc-7ff6b89c3a2a call 7ff6b89c8b30 call 7ff6b89c8b90 * 3 181->195 187 7ff6b89c38af-7ff6b89c38bd call 7ff6b89c8b90 182->187 188 7ff6b89c38a5-7ff6b89c38ad 182->188 199 7ff6b89c39b0-7ff6b89c39b9 184->199 185->174 186->162 187->181 188->187 204 7ff6b89c39f4-7ff6b89c39f7 call 7ff6b89d4fa0 194->204 205 7ff6b89c38e7-7ff6b89c38ed 194->205 221 7ff6b89c3a2f-7ff6b89c3a3e call 7ff6b89c8a20 195->221 199->199 202 7ff6b89c39bb-7ff6b89c39d8 call 7ff6b89c1950 199->202 202->172 211 7ff6b89c39de-7ff6b89c39ef call 7ff6b89c2710 202->211 204->195 209 7ff6b89c38f0-7ff6b89c38fc 205->209 213 7ff6b89c38fe-7ff6b89c3903 209->213 214 7ff6b89c3905-7ff6b89c3908 209->214 211->186 213->209 213->214 214->204 217 7ff6b89c390e-7ff6b89c3916 call 7ff6b89d4fa0 214->217 217->221 225 7ff6b89c3b45-7ff6b89c3b53 221->225 226 7ff6b89c3a44-7ff6b89c3a47 221->226 228 7ff6b89c3b59-7ff6b89c3b5d 225->228 229 7ff6b89c3a67 225->229 
226->225 227 7ff6b89c3a4d-7ff6b89c3a50 226->227 230 7ff6b89c3b14-7ff6b89c3b17 227->230 231 7ff6b89c3a56-7ff6b89c3a5a 227->231 232 7ff6b89c3a6b-7ff6b89c3a90 call 7ff6b89d4fa0 228->232 229->232 233 7ff6b89c3b2f-7ff6b89c3b40 call 7ff6b89c2710 230->233 234 7ff6b89c3b19-7ff6b89c3b1d 230->234 231->230 235 7ff6b89c3a60 231->235 241 7ff6b89c3a92-7ff6b89c3aa6 call 7ff6b89c8b30 232->241 242 7ff6b89c3aab-7ff6b89c3ac0 232->242 243 7ff6b89c3c7f-7ff6b89c3c87 233->243 234->233 237 7ff6b89c3b1f-7ff6b89c3b2a 234->237 235->229 237->232 241->242 245 7ff6b89c3be8-7ff6b89c3bfa call 7ff6b89c8a20 242->245 246 7ff6b89c3ac6-7ff6b89c3aca 242->246 243->186 255 7ff6b89c3c2e 245->255 256 7ff6b89c3bfc-7ff6b89c3c02 245->256 247 7ff6b89c3ad0-7ff6b89c3ae8 call 7ff6b89d52c0 246->247 248 7ff6b89c3bcd-7ff6b89c3be2 call 7ff6b89c1940 246->248 257 7ff6b89c3b62-7ff6b89c3b7a call 7ff6b89d52c0 247->257 258 7ff6b89c3aea-7ff6b89c3b02 call 7ff6b89d52c0 247->258 248->245 248->246 259 7ff6b89c3c31-7ff6b89c3c40 call 7ff6b89d4fa0 255->259 260 7ff6b89c3c1e-7ff6b89c3c2c 256->260 261 7ff6b89c3c04-7ff6b89c3c1c 256->261 271 7ff6b89c3b87-7ff6b89c3b9f call 7ff6b89d52c0 257->271 272 7ff6b89c3b7c-7ff6b89c3b80 257->272 258->248 268 7ff6b89c3b08-7ff6b89c3b0f 258->268 269 7ff6b89c3d41-7ff6b89c3d63 call 7ff6b89c44d0 259->269 270 7ff6b89c3c46-7ff6b89c3c4a 259->270 260->259 261->259 268->248 285 7ff6b89c3d71-7ff6b89c3d82 call 7ff6b89c1c80 269->285 286 7ff6b89c3d65-7ff6b89c3d6f call 7ff6b89c4620 269->286 274 7ff6b89c3c50-7ff6b89c3c5f call 7ff6b89c90e0 270->274 275 7ff6b89c3cd4-7ff6b89c3ce6 call 7ff6b89c8a20 270->275 281 7ff6b89c3ba1-7ff6b89c3ba5 271->281 282 7ff6b89c3bac-7ff6b89c3bc4 call 7ff6b89d52c0 271->282 272->271 288 7ff6b89c3c61 274->288 289 7ff6b89c3cb3-7ff6b89c3cbd call 7ff6b89c8850 274->289 291 7ff6b89c3d35-7ff6b89c3d3c 275->291 292 7ff6b89c3ce8-7ff6b89c3ceb 275->292 281->282 282->248 303 7ff6b89c3bc6 282->303 299 7ff6b89c3d87-7ff6b89c3d96 285->299 286->299 295 7ff6b89c3c68 call 7ff6b89c2710 288->295 307 
7ff6b89c3cbf-7ff6b89c3cc6 289->307 308 7ff6b89c3cc8-7ff6b89c3ccf 289->308 291->295 292->291 297 7ff6b89c3ced-7ff6b89c3d10 call 7ff6b89c1c80 292->297 311 7ff6b89c3c6d-7ff6b89c3c77 295->311 314 7ff6b89c3d12-7ff6b89c3d26 call 7ff6b89c2710 call 7ff6b89d4fa0 297->314 315 7ff6b89c3d2b-7ff6b89c3d33 call 7ff6b89d4fa0 297->315 300 7ff6b89c3dc4-7ff6b89c3dda call 7ff6b89c9400 299->300 301 7ff6b89c3d98-7ff6b89c3d9f 299->301 317 7ff6b89c3de8-7ff6b89c3e04 SetDllDirectoryW 300->317 318 7ff6b89c3ddc 300->318 301->300 306 7ff6b89c3da1-7ff6b89c3da5 301->306 303->248 306->300 312 7ff6b89c3da7-7ff6b89c3dbe SetDllDirectoryW LoadLibraryExW 306->312 307->295 308->299 311->243 312->300 314->311 315->299 322 7ff6b89c3f01-7ff6b89c3f08 317->322 323 7ff6b89c3e0a-7ff6b89c3e19 call 7ff6b89c8a20 317->323 318->317 325 7ff6b89c3f0e-7ff6b89c3f15 322->325 326 7ff6b89c3ffc-7ff6b89c4004 322->326 335 7ff6b89c3e32-7ff6b89c3e3c call 7ff6b89d4fa0 323->335 336 7ff6b89c3e1b-7ff6b89c3e21 323->336 325->326 329 7ff6b89c3f1b-7ff6b89c3f25 call 7ff6b89c33c0 325->329 330 7ff6b89c4029-7ff6b89c4034 call 7ff6b89c36a0 call 7ff6b89c3360 326->330 331 7ff6b89c4006-7ff6b89c4023 PostMessageW GetMessageW 326->331 329->311 343 7ff6b89c3f2b-7ff6b89c3f3f call 7ff6b89c90c0 329->343 348 7ff6b89c4039-7ff6b89c405b call 7ff6b89c3670 call 7ff6b89c6fb0 call 7ff6b89c6d60 330->348 331->330 345 7ff6b89c3ef2-7ff6b89c3efc call 7ff6b89c8b30 335->345 346 7ff6b89c3e42-7ff6b89c3e48 335->346 340 7ff6b89c3e23-7ff6b89c3e2b 336->340 341 7ff6b89c3e2d-7ff6b89c3e2f 336->341 340->341 341->335 355 7ff6b89c3f41-7ff6b89c3f5e PostMessageW GetMessageW 343->355 356 7ff6b89c3f64-7ff6b89c3fa7 call 7ff6b89c8b30 call 7ff6b89c8bd0 call 7ff6b89c6fb0 call 7ff6b89c6d60 call 7ff6b89c8ad0 343->356 345->322 346->345 349 7ff6b89c3e4e-7ff6b89c3e54 346->349 353 7ff6b89c3e5f-7ff6b89c3e61 349->353 354 7ff6b89c3e56-7ff6b89c3e58 349->354 353->322 358 7ff6b89c3e67-7ff6b89c3e83 call 7ff6b89c6db0 call 7ff6b89c7330 353->358 354->358 359 7ff6b89c3e5a 354->359 355->356 394 
7ff6b89c3fe9-7ff6b89c3ff7 call 7ff6b89c1900 356->394 395 7ff6b89c3fa9-7ff6b89c3fb3 call 7ff6b89c9200 356->395 374 7ff6b89c3e8e-7ff6b89c3e95 358->374 375 7ff6b89c3e85-7ff6b89c3e8c 358->375 359->322 378 7ff6b89c3eaf-7ff6b89c3eb9 call 7ff6b89c71a0 374->378 379 7ff6b89c3e97-7ff6b89c3ea4 call 7ff6b89c6df0 374->379 377 7ff6b89c3edb-7ff6b89c3ef0 call 7ff6b89c2a50 call 7ff6b89c6fb0 call 7ff6b89c6d60 375->377 377->322 389 7ff6b89c3ec4-7ff6b89c3ed2 call 7ff6b89c74e0 378->389 390 7ff6b89c3ebb-7ff6b89c3ec2 378->390 379->378 388 7ff6b89c3ea6-7ff6b89c3ead 379->388 388->377 389->322 403 7ff6b89c3ed4 389->403 390->377 394->311 395->394 405 7ff6b89c3fb5-7ff6b89c3fca 395->405 403->377 406 7ff6b89c3fe4 call 7ff6b89c2a50 405->406 407 7ff6b89c3fcc-7ff6b89c3fdf call 7ff6b89c2710 call 7ff6b89c1900 405->407 406->394 407->311
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastModuleName
                                                                                                                                                                                                              • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                                              • API String ID: 2776309574-4232158417

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug$R_set_error$D_priv_bytes_ex$L_sk_new_nullX509_$D_bytes_exD_lock_newE_newE_new_exH_newL_sk_numM_newO_freeO_new_ex_dataO_secure_zallocO_strdupO_zalloc
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_new_ex
                                                                                                                                                                                                              • API String ID: 864562269-27091654

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1617910340-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Find$CloseFileFirst
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2295610775-0

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077177561.00007FFE0EC41000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE0EC40000, based on PE: true
• Associated: 00000001.00000002.3077152808.00007FFE0EC40000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.3077196765.00007FFE0EC4D000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.3077222649.00007FFE0EC60000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.3077241448.00007FFE0EC61000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.3077264205.00007FFE0EC69000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0ec40000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Warn$Dealloc$Eval_FormatModule_R_clear_errorStateStringThreadX509_X_ctrl$M_set_flagsM_set_hostflagsModuleRestoreS_client_methodS_methodS_server_methodSaveSv1_1_methodSv1_2_methodSv1_methodType_X_freeX_get0_paramX_newX_set_cipher_listX_set_optionsX_set_post_handshake_authX_set_session_id_context
                                                                                                                                                                                                              • String ID: @SECLEVEL=2:ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES:DHE+AES:!aNULL:!eNULL:!aDSS:!SHA1:!AESCCM$Cannot find internal module state$Failed to set minimum protocol 0x%x$HIGH:!aNULL:!eNULL$No cipher can be selected.$Python$invalid or unsupported protocol version %i$ssl.PROTOCOL_TLS is deprecated$ssl.PROTOCOL_TLSv1 is deprecated$ssl.PROTOCOL_TLSv1_1 is deprecated$ssl.PROTOCOL_TLSv1_2 is deprecated
                                                                                                                                                                                                              • API String ID: 2039472478-3748777976
                                                                                                                                                                                                              • Opcode ID: 8cfc385c85f2151b9a3207bba0d16566a3d77b193caf614198fe20e9a8f702d3
                                                                                                                                                                                                              • Instruction ID: 45766af2ab364cfae3150dc94a92d28f6cd88d83dd9e43bdb01d9679c3d6a1bb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8cfc385c85f2151b9a3207bba0d16566a3d77b193caf614198fe20e9a8f702d3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E8B143B2E08B93A1EB549B25E9D437827A0FF85B94F044532C98E476B0DF3EE555C342

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077177561.00007FFE0EC41000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE0EC40000, based on PE: true
• Associated: 00000001.00000002.3077152808.00007FFE0EC40000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.3077196765.00007FFE0EC4D000.00000002.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.3077222649.00007FFE0EC60000.00000004.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.3077241448.00007FFE0EC61000.00000008.00000001.01000000.00000012.sdmp
• Associated: 00000001.00000002.3077264205.00007FFE0EC69000.00000002.00000001.01000000.00000012.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0ec40000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Buffer_DeallocExceptionMatchesUnicode_$BufferConverterEval_Object_ReleaseStringThread_errno$CheckContiguousErrnoFromR_clear_errorRestoreSaveX_load_verify_locations
                                                                                                                                                                                                              • String ID: cadata should be a contiguous buffer with a single dimension$cadata should be an ASCII string or a bytes-like object$cafile should be a valid filesystem path$cafile, capath and cadata cannot be all omitted$capath should be a valid filesystem path
                                                                                                                                                                                                              • API String ID: 3554890122-3904065072
                                                                                                                                                                                                              • Opcode ID: ef487ceff39f30d14c47edab4b48e6c7aa9c2c91d9792b88d7dcaf19dc6b736b
                                                                                                                                                                                                              • Instruction ID: 0a9387937b3bff5d709799abd2f507b6ed35117f6107ecf8889e58a3443f3f1c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ef487ceff39f30d14c47edab4b48e6c7aa9c2c91d9792b88d7dcaf19dc6b736b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F98140A2B08B82A1FB59AF65E8D427827A1FF44F94F545031ED8E476B4DE7EE444C302

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$ItemObject_$Err_FormatFromImportObjectUnicode_$AttrClearDict_ErrorFilenameImport_LevelModuleModule_
                                                                                                                                                                                                              • String ID: %U.%U$cannot import name %R from %R (%S)
                                                                                                                                                                                                              • API String ID: 3630264407-438398067
                                                                                                                                                                                                              • Opcode ID: eb0495fba2b9f8bae62f291a83bce40592bd6c5b3399fe437b91431e8b785962
                                                                                                                                                                                                              • Instruction ID: 8376f799b35ae62c44e5b7c873a999d5ef85e9aa5077fd072c56fd40bbb8dde4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb0495fba2b9f8bae62f291a83bce40592bd6c5b3399fe437b91431e8b785962
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1513C76A08A83C5EA549F92A84427963B6FB49FD5F448032CEDE47B75DF3CE4958300

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C7F80: _fread_nolock.LIBCMT ref: 00007FF6B89C802A
                                                                                                                                                                                                              • _fread_nolock.LIBCMT ref: 00007FF6B89C1A1B
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF6B89C1B6A), ref: 00007FF6B89C295E
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                                              • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                                              • API String ID: 2397952137-3497178890
                                                                                                                                                                                                              • Opcode ID: cf2c84c22f69f7fd9ef77d3daf6dfed05904346f4a6f89c61418df1a2be62197
                                                                                                                                                                                                              • Instruction ID: 325a1f98b7548f93e4caf0324f1ac2d714d72f30d6de4be9a4d339fa2ee995f6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf2c84c22f69f7fd9ef77d3daf6dfed05904346f4a6f89c61418df1a2be62197
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 17815B71A1868786EF60EB3CD4412B927A0AF48786F444431EB8DC779BDE2DE5478B4C

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Unicode_$FromInternPlaceSizeString
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2745024575-0
                                                                                                                                                                                                              • Opcode ID: 0f2eb5f35846a8456c7112da878c6113124e833643e34b0ec4b928e486e0026e
                                                                                                                                                                                                              • Instruction ID: 35e43e6aaa6f2c929a90a36882f6c0a07bf5fc486a2f715e6ff98d1113a44705
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0f2eb5f35846a8456c7112da878c6113124e833643e34b0ec4b928e486e0026e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0071AC39D0EA07C6FA568F69E94413933F4AF85F98F64447AC9CE466B2DF3DA4428700

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                                              • String ID: P%
                                                                                                                                                                                                              • API String ID: 2147705588-2959514604
                                                                                                                                                                                                              • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                              • Instruction ID: f34f0ceec0b866bf32b4bf4c4c74426cc33999bde5110d526174f7a492ce8585
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2251F8266147A286DA349F3AE4181BAB7A1F798B62F004131EFDF83695DF3CD046DB14

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                                              • API String ID: 2050909247-3659356012
                                                                                                                                                                                                              • Opcode ID: 236ba73ab6ce1d92c64f8567c5591b24870a479b754ba208a06bcc9b11321583
                                                                                                                                                                                                              • Instruction ID: 79d79ea7ce7b50da2806e2a12a8740d4de38ffe90278f434a1ee6980498fb5db
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 236ba73ab6ce1d92c64f8567c5591b24870a479b754ba208a06bcc9b11321583
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2A417A22A1868386EE00EB3D94405B96390BF44786F844832EF4D97B97DE3DE5478B4C

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              • Executed
                                                                                                                                                                                                              • Not Executed
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                                              • API String ID: 2050909247-2813020118
                                                                                                                                                                                                              • Opcode ID: 8f527a029b5cc2fd8811f292069cd2c15cb7a9cc290ce7306b7b2f094b3deaa1
                                                                                                                                                                                                              • Instruction ID: ddacbe4f89afc29ae3f8b0f9e5a9f06bb23b704c2ea11135194f01930fe32bf2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8f527a029b5cc2fd8811f292069cd2c15cb7a9cc290ce7306b7b2f094b3deaa1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1251C522A0864385EE60BB3DA4403BA6691BF45796F444131EF4D87BD7EE3DE547CB08

                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • GetModuleFileNameW.KERNEL32(?,00007FF6B89C3804), ref: 00007FF6B89C36E1
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,00007FF6B89C3804), ref: 00007FF6B89C36EB
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B89C3706,?,00007FF6B89C3804), ref: 00007FF6B89C2C9E
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF6B89C3706,?,00007FF6B89C3804), ref: 00007FF6B89C2D63
                                                                                                                                                                                                                • Part of subcall function 00007FF6B89C2C50: MessageBoxW.USER32 ref: 00007FF6B89C2D99
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                                              • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                                              • API String ID: 3187769757-2863816727

                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077177561.00007FFE0EC41000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE0EC40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$CheckErr_KeywordsLong_ModuleModule_OccurredPositionalStateType_
                                                                                                                                                                                                              • String ID: _SSLContext
                                                                                                                                                                                                              • API String ID: 3264916389-1468230856
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentProcess
                                                                                                                                                                                                              • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                                              • API String ID: 2050909247-2434346643
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                                              • String ID: Unhandled exception in script
                                                                                                                                                                                                              • API String ID: 3081866767-2699770090
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083113114.00007FFE11EA1000.00000020.00000001.01000000.00000010.sdmp, Offset: 00007FFE11EA0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: D_do_all_providedDeallocFrozenModule_ObjectSet_
                                                                                                                                                                                                              • String ID: openssl_md_meth_names
                                                                                                                                                                                                              • API String ID: 4100423519-1600430994
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076276879.00007FFE0EB41000.00000020.00000001.01000000.00000025.sdmp, Offset: 00007FFE0EB40000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Import$Capsule_DeallocImport_Module
                                                                                                                                                                                                              • String ID: charset_normalizer.md__mypyc$charset_normalizer.md__mypyc.init_charset_normalizer___md
                                                                                                                                                                                                              • API String ID: 1394619730-824592145
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1279662727-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1956198572-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: J_nid2snR_fetchR_pop_to_markR_set_mark
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2772354928-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3251591375-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 3617616757-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ErrorFileLastPointer
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2976181284-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • CloseHandle.KERNEL32(?,?,?,00007FF6B89DAA45,?,?,00000000,00007FF6B89DAAFA), ref: 00007FF6B89DAC36
                                                                                                                                                                                                              • GetLastError.KERNEL32(?,?,?,00007FF6B89DAA45,?,?,00000000,00007FF6B89DAAFA), ref: 00007FF6B89DAC40
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CloseErrorHandleLast
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 918212764-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _fread_nolock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 840049012-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077177561.00007FFE0EC41000.00000020.00000001.01000000.00000012.sdmp, Offset: 00007FFE0EC40000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0ec40000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_KeywordsUnpack
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1409375599-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
Memory Dump Source
• Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
Similarity
• API ID: _invalid_parameter_noinfo
• String ID:
• API String ID: 3215553584-0
APIs
  • Part of subcall function 00007FF6B89C9400: MultiByteToWideChar.KERNEL32(?,?,?,00007FF6B89C45E4,00000000,00007FF6B89C1985), ref: 00007FF6B89C9439
• LoadLibraryExW.KERNEL32(?,00007FF6B89C6466,?,00007FF6B89C336E), ref: 00007FF6B89C9092
Memory Dump Source
• Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
Similarity
• API ID: ByteCharLibraryLoadMultiWide
• String ID:
• API String ID: 2592636585-0
APIs
• HeapAlloc.KERNEL32(?,?,?,00007FF6B89D0D00,?,?,?,00007FF6B89D236A,?,?,?,?,?,00007FF6B89D3B59), ref: 00007FF6B89DD6AA
Memory Dump Source
• Source File: 00000001.00000002.3073337452.00007FF6B89C1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF6B89C0000, based on PE: true
• Associated: 00000001.00000002.3073319163.00007FF6B89C0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073362464.00007FF6B89EB000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B89FE000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073383016.00007FF6B8A01000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A04000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000001.00000002.3073415886.00007FF6B8A15000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ff6b89c0000_rvigVjH6wf.jbxd
Similarity
• API ID: AllocHeap
• String ID:
• API String ID: 4292702814-0
APIs
Strings
Memory Dump Source
• Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
• Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
Similarity
• API ID: R_new$R_set_debugX_new$X_free
• String ID: ..\s\ssl\t1_enc.c$HMAC$tls-mac-size$tls-version$tls1_change_cipher_state$tls_provider_set_tls_params
• API String ID: 1274617517-1172825828
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Digest$Init_exL_cleanseR_newR_set_debug$D_get_sizeFinal_exX_freeX_newY_free
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c$HMAC$ext binder$res binder$tls_psk_do_binder
                                                                                                                                                                                                              • API String ID: 1272419997-82630564
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_key_share
                                                                                                                                                                                                              • API String ID: 193678381-3282377310
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_new
                                                                                                                                                                                                              • API String ID: 1552677711-1278568459
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: N_clear_free$R_newR_set_debug$N_num_bitsO_clear_freeO_malloc
                                                                                                                                                                                                              • String ID: ..\s\ssl\tls_srp.c$srp_generate_client_master_secret
                                                                                                                                                                                                              • API String ID: 1310426286-3880031085
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_new$R_set_debug$O_free$Y_freeY_get1_encoded_public_key
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$add_key_share$tls_construct_ctos_key_share
                                                                                                                                                                                                              • API String ID: 2910640537-2776458525
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_free$E_freeX509_Y_free$D_lock_freeL_sk_pop_freeX509_free
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_cert.c
                                                                                                                                                                                                              • API String ID: 3478116879-349359282
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug$O_freeY_free
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$tls_construct_cke_ecdhe
                                                                                                                                                                                                              • API String ID: 110670684-68429018
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error$O_freeO_strdup
                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c$ssl3_ctrl
                                                                                                                                                                                                              • API String ID: 1111623124-3079590724
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_free$Y_free$L_sk_pop_freeO_clear_freememset
                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c
                                                                                                                                                                                                              • API String ID: 4031674668-4238427508
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: $ $..\s\ssl\t1_enc.c$key expansion$tls1_setup_key_block
                                                                                                                                                                                                              • API String ID: 0-3969574974
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_free$O_mallocmemset
                                                                                                                                                                                                              • String ID: ..\s\ssl\record\rec_layer_d1.c$dtls1_buffer_record
                                                                                                                                                                                                              • API String ID: 1168073369-935135588
                                                                                                                                                                                                              • Opcode ID: 76a2201af0d1f3c16cac33060e385449dac4a92ad8880baa11f22c613e71bc0a
                                                                                                                                                                                                              • Instruction ID: 8a38fa1cbbf04789ac0af95cdb4e90bd89206debc2d00ad627fc62d2651903b6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 76a2201af0d1f3c16cac33060e385449dac4a92ad8880baa11f22c613e71bc0a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9516112E18B82C2F714DF35E5502BD6360FB96B88F45A235EE9D1B666EF2CE1918300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug$O_freeO_malloc
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_clnt.c$tls_parse_stoc_ec_pt_formats
                                                                                                                                                                                                              • API String ID: 3068916411-1323216733
                                                                                                                                                                                                              • Opcode ID: 31b3dc26473d44c47eb2d41b300b297624ea294a13f22d69dd8cbc0c06199a9f
                                                                                                                                                                                                              • Instruction ID: 036918e9c5ed4239f2622414058c794c511218d0d59879a4bfc1a3d60c55cd97
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 31b3dc26473d44c47eb2d41b300b297624ea294a13f22d69dd8cbc0c06199a9f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0316061F1DB8282E7109B51E8017B9A360FB5A7C4F554135EA9C0BBBADF2CE691C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_mallocR_newR_set_debugR_set_error
                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c$tls1_set_raw_sigalgs
                                                                                                                                                                                                              • API String ID: 2261483606-2202831108
                                                                                                                                                                                                              • Opcode ID: c7a7be04739af81666f37998fa7be6d26dac59b08b6b6dbe981498b13f31d24a
                                                                                                                                                                                                              • Instruction ID: 87b2f28d2ae12ef76c0b251c50f911b83f8987f25fee599b8b72930e9554a66a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c7a7be04739af81666f37998fa7be6d26dac59b08b6b6dbe981498b13f31d24a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 46319A32A0DB9281E760EB22E8007EA6364FB55B84F465036EE8D1BBA5DF3CE000C710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mem_$FreeSubtypeType_$DataErr_FromKindMallocMemoryReallocUnicode_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3719493655-0
                                                                                                                                                                                                              • Opcode ID: 0c22d9056acb871eddf48ff6985902c40c9bac8e0db102ec70c3771e64610527
                                                                                                                                                                                                              • Instruction ID: 4d71b2564e519c8551429e5b31f771edc69629eb3cda4581e9d4efa3b8064ce6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0c22d9056acb871eddf48ff6985902c40c9bac8e0db102ec70c3771e64610527
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8702C073F0859282E7348F14D464A7967A5EB85788F584331D6BEA67DCEF2DE881C380
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077305025.00007FFE101D1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE101D0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe101d0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: 0a57d354b9f48531f5e4b6dcb676abd35c4c55538187d76e763eeca891f7d0db
                                                                                                                                                                                                              • Instruction ID: c080235a11f230afe845a589de39343f95cf208677d253e1123a1e860f8f8817
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a57d354b9f48531f5e4b6dcb676abd35c4c55538187d76e763eeca891f7d0db
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 68313972709E819AFB608F61E8543E96364FB84758F44403ADB8E47BA8DF3CD648C710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
                                                                                                                                                                                                              • Instruction ID: 408cb891cb1ed60bb473c7fb0122db125998b8e2ccf4dcf3f7d8655749437df9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 92316C73B09A8186EB708F60E8607ED33A4FB84748F44413ADA6E57A98DF39C649C750
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083454900.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12e10000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: 3f1457cb40ba07d85a9440bc03577fdca5d72a94ac209a419e2686ff93dec302
                                                                                                                                                                                                              • Instruction ID: abdbd468a0b2e53398c1d55c9e179085cb488b8ac249b8c092b8a73430ccbd75
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3f1457cb40ba07d85a9440bc03577fdca5d72a94ac209a419e2686ff93dec302
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95317072A08F8189EB618F65EC507EE73A0FB84754F444039DA4E47BA8DF78D648D710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076745307.00007FFE0EC01000.00000020.00000001.01000000.0000001F.sdmp, Offset: 00007FFE0EC00000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076729501.00007FFE0EC00000.00000002.00000001.01000000.0000001F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076767461.00007FFE0EC02000.00000002.00000001.01000000.0000001F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076791667.00007FFE0EC04000.00000002.00000001.01000000.0000001F.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0ec00000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: d51bb506f30b3b5fdb72a703574b3b87f2bee8d52957f5e63ce3b87c7c7ed3f5
                                                                                                                                                                                                              • Instruction ID: 0cddcde684b02ff6192ae4ee96a0b6da6dd3e32c5f886259f9c64bc96d066b73
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d51bb506f30b3b5fdb72a703574b3b87f2bee8d52957f5e63ce3b87c7c7ed3f5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B9315072609BC199EB648FA0E8903FD7365FB84748F44403ADA8E47BA5DF39D648C710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3078994760.00007FFE10301000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFE10300000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3078674842.00007FFE10300000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3079234779.00007FFE10303000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3079434883.00007FFE10305000.00000002.00000001.01000000.0000001A.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe10300000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                              • Instruction ID: 7982cf324a05ac998a92e73e2fe1a52ae62982242347a3a41bcd82e72c779e38
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5F315E7260AF818AEB608F61E8503EE7364FB84754F44803ADB4E47BA8DF38D648C710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083371646.00007FFE12221000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE12220000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083343932.00007FFE12220000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083389708.00007FFE12222000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083412959.00007FFE12224000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12220000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: d51bb506f30b3b5fdb72a703574b3b87f2bee8d52957f5e63ce3b87c7c7ed3f5
                                                                                                                                                                                                              • Instruction ID: f5221c6eb08b5fe5d65c8703320d691d2bd1adf8ef1c095f519b1c1fff8c74c1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d51bb506f30b3b5fdb72a703574b3b87f2bee8d52957f5e63ce3b87c7c7ed3f5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB318A76608F818AEB608F62F8407ED3360FB94354F44403ADA4E47AA9DF7ED248C710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076680448.00007FFE0EBF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFE0EBF0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076662917.00007FFE0EBF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076698884.00007FFE0EBF3000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076714475.00007FFE0EBF5000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0ebf0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                              • Instruction ID: 7f8c3895473f162d003a302c88ba0e982cd96420cd6173e3d6a4b4e5c65e99ec
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f8ae4d2eff8d27b3a0b7405f1d7147d7316b9bc7e7709510c05685c771672a79
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94319072609B82C9EB748F64E8503ED33A0FB84344F44443ADA8D57BA9DF38D248CB04
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076442788.00007FFE0EB61000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFE0EB60000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076424097.00007FFE0EB60000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076461929.00007FFE0EB66000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076481088.00007FFE0EB6B000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0eb60000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: 26897df24f70a55c30b919b36952ff972a20fdcb0ee0bee13c52e1828fe953fd
                                                                                                                                                                                                              • Instruction ID: 26ef6a043d02a12a1174f655bde7bd1bae2a802db11dc8ea13c343b7363db790
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26897df24f70a55c30b919b36952ff972a20fdcb0ee0bee13c52e1828fe953fd
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3F312D72609F8289EB749F64E8903ED7365FB84744F44443ADA8E47AA8DF3CD648CB14
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: ExceptionFilterPresentUnhandledmemset$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 313767242-0
                                                                                                                                                                                                              • Opcode ID: da0d7d784247a4b4951159941922c13f801490ef3653daa55212dcc33c950436
                                                                                                                                                                                                              • Instruction ID: 148d7b453818122bd87e690bb4e1380a6e11d0aaa496b7530ab1ad0484eec633
                                                                                                                                                                                                              • Opcode Fuzzy Hash: da0d7d784247a4b4951159941922c13f801490ef3653daa55212dcc33c950436
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E313E76A08B8186EB608F64E8503ED7371FB84B44F44443ADADE47BA9DF38D648C710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3 ref: 00007FFE0136BC1A
                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3 ref: 00007FFE0136BC32
                                                                                                                                                                                                              • CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFE0136BD30
                                                                                                                                                                                                                • Part of subcall function 00007FFE01369F10: ERR_new.LIBCRYPTO-3(?,?,00007FFE0136BC05), ref: 00007FFE01369F9D
                                                                                                                                                                                                                • Part of subcall function 00007FFE01369F10: ERR_set_debug.LIBCRYPTO-3(?,?,00007FFE0136BC05), ref: 00007FFE01369FB5
                                                                                                                                                                                                                • Part of subcall function 00007FFE012F1CEE: CRYPTO_malloc.LIBCRYPTO-3 ref: 00007FFE012FFC82
                                                                                                                                                                                                                • Part of subcall function 00007FFE012F1CEE: memset.VCRUNTIME140 ref: 00007FFE012FFCB0
                                                                                                                                                                                                                • Part of subcall function 00007FFE012F1CEE: memcpy.VCRUNTIME140 ref: 00007FFE012FFCE5
                                                                                                                                                                                                                • Part of subcall function 00007FFE012F1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFE012FFD01
                                                                                                                                                                                                                • Part of subcall function 00007FFE012F1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFE012FFD5A
                                                                                                                                                                                                                • Part of subcall function 00007FFE012F1CEE: CRYPTO_clear_free.LIBCRYPTO-3 ref: 00007FFE012FFDD2
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_clear_free$R_newR_set_debug$O_mallocmemcpymemset
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_client_key_exchange
                                                                                                                                                                                                              • API String ID: 1067245891-2687227884
                                                                                                                                                                                                              • Opcode ID: 7d140191fdaccdb7f5dd66bb854c57b1edeaf98f0ecf9006dd804b52b7453e47
                                                                                                                                                                                                              • Instruction ID: 4dab997975c0058995712bb60246d399924638b63410dc109308a45f890d0229
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d140191fdaccdb7f5dd66bb854c57b1edeaf98f0ecf9006dd804b52b7453e47
                                                                                                                                                                                                              • Instruction Fuzzy Hash: D1418E61F1C24384FB649B25A8157BA5254AF95BC4F56D032DD4E8F7FECE2CE5418700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_zallocR_newR_set_debugR_set_error
                                                                                                                                                                                                              • String ID: ..\s\crypto\packet.c$wpacket_intern_init_len
                                                                                                                                                                                                              • API String ID: 3755831613-2385383871
                                                                                                                                                                                                              • Opcode ID: 93cac6a41678e226aac1b9a4fcaede6dd9d2dc2fc62e9267fa342d99650c5162
                                                                                                                                                                                                              • Instruction ID: 8f6a9b7c9d8a98dcff1ce63d74b45642c34f5bcbdb50f1cd8acb204dbf1a3ea9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 93cac6a41678e226aac1b9a4fcaede6dd9d2dc2fc62e9267fa342d99650c5162
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 62411432B18782C2EB14DB15E4402A973A4FB85BD4F514235EA6D4BBE6DF3CD551C740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Mem_$MallocSubtypeType_$DeallocErr_FreeMemory
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4139299733-0
                                                                                                                                                                                                              • Opcode ID: 35a4b164d7d926b41929bb2b2ac8d3737955662c15fe271b4beba82657301c78
                                                                                                                                                                                                              • Instruction ID: 8a6fc2a6934474280b1615bbc6a21dcc4f2612d8f010baae281482af3ac13054
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 35a4b164d7d926b41929bb2b2ac8d3737955662c15fe271b4beba82657301c78
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94E1BBB3F1C55281FB348F159024A7923A9FB55B98F140335DA7EA26D8DF6DE882C780
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_mallocR_newR_set_debugmemcpy
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$construct_key_exchange_tbs
                                                                                                                                                                                                              • API String ID: 3542074325-1491770217
                                                                                                                                                                                                              • Opcode ID: fd5eeb63530773deb51f116d5f9fe9186ce15926bc507d37e824dacb478f9677
                                                                                                                                                                                                              • Instruction ID: 4ef47c8fc78608bea74a8eb7caab39d53a809e3d15eb10c6833daaf59571ae93
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fd5eeb63530773deb51f116d5f9fe9186ce15926bc507d37e824dacb478f9677
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5C218422E08B8292E705DB65E9016E96720FB99BC4F459231DF8C17767EF3CE295C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077305025.00007FFE101D1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE101D0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3077283991.00007FFE101D0000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3077324741.00007FFE101D4000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3077344275.00007FFE101D5000.00000004.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3077367222.00007FFE101D6000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe101d0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: memset$_wassert
                                                                                                                                                                                                              • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                              • API String ID: 3746435480-330188172
                                                                                                                                                                                                              • Opcode ID: ec1bbc4525a17b2e5544630095f9eeea00682da089bfad3eed65e714ba66035c
                                                                                                                                                                                                              • Instruction ID: 93085cc5b7ab3e2a4488307e2a620f3f5f1352616da2d6543643eb067e143e32
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec1bbc4525a17b2e5544630095f9eeea00682da089bfad3eed65e714ba66035c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7551AD233192D08ED309CF7E95400AC7F71E766B18708C0AAEBE48774BCA1CD669C761
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_freeR_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\record\rec_layer_d1.c$dtls1_process_buffered_records
                                                                                                                                                                                                              • API String ID: 2314896662-3750322838
                                                                                                                                                                                                              • Opcode ID: 67879ad32886238c6f3f838bc3d1a1cb93214a9e79e619f6edaea9e671e3193b
                                                                                                                                                                                                              • Instruction ID: 11df3df7b91c924ceb53e74c04e705f0ee6a5f84b1e26be6df0923227862bce1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 67879ad32886238c6f3f838bc3d1a1cb93214a9e79e619f6edaea9e671e3193b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F7417322B18682C1FB519F26D5402B92360EF89FC8F464136EE4D5F7A9DF2CD461C314
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_dtls.c
                                                                                                                                                                                                              • API String ID: 2581946324-3140652063
                                                                                                                                                                                                              • Opcode ID: e63d00a5a57e434b55901e15d2f42545ec6046d1d98a35ab01b6fea9addd210f
                                                                                                                                                                                                              • Instruction ID: 25cbd71a534be484774375ff7320317c22438ad075e83513390564152afb2a6f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e63d00a5a57e434b55901e15d2f42545ec6046d1d98a35ab01b6fea9addd210f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7CF03051F05607C4FF14A716E8516F82711EF84F80F426031D91D4FAB6ED1DE6299711
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: H_deleteH_retrieve_time64
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 406310823-0
                                                                                                                                                                                                              • Opcode ID: f44faae684e3905543eced175f971e84d12effa27430db8e4172456c1a789f59
                                                                                                                                                                                                              • Instruction ID: f41a59e29f83ca84c3ff83a7ff4e2602ac2eccfaff4d53f3fe48df4522e258f0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f44faae684e3905543eced175f971e84d12effa27430db8e4172456c1a789f59
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3751E122B0978386EB65DF219455BBA2390BF86BC4F496034DE0E5FBA5EF3CE4418300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_freeX_free
                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                              • API String ID: 2813942177-1643863364
                                                                                                                                                                                                              • Opcode ID: 16a88570ee957e735644bdec5540f278f8c09d8907a1b7211975a298b9296d0f
                                                                                                                                                                                                              • Instruction ID: 736df911a2a1d23cd48d8fb7ab18964c12a737feca1ddb3661f6399a399c1e1e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 16a88570ee957e735644bdec5540f278f8c09d8907a1b7211975a298b9296d0f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DDE01261F4964391FF18B766A8512B802906F95BC0F855030ED1E5FBF3AE1CA5605711
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FFE012F4FA0: CRYPTO_free.LIBCRYPTO-3(?,?,?,?,?,00007FFE012F412F), ref: 00007FFE012F5094
                                                                                                                                                                                                              • CRYPTO_free.LIBCRYPTO-3 ref: 00007FFE012F4146
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                              • String ID: ..\s\crypto\packet.c
                                                                                                                                                                                                              • API String ID: 2581946324-3021818708
                                                                                                                                                                                                              • Opcode ID: 17d06eb9d22a5cd07f8da9464462154e8f599e77b3caf41af0fe62863e58ac01
                                                                                                                                                                                                              • Instruction ID: 68ad6d33a6b241a5de816777e48da6178963e457aefdabaffb21a0167f59e78b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 17d06eb9d22a5cd07f8da9464462154e8f599e77b3caf41af0fe62863e58ac01
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 65F0BBA1B146C381EB20AB25A84037B13E5EFD5B90F545034E90C5F7A5DFACE891D700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions.c
                                                                                                                                                                                                              • API String ID: 2581946324-1165805907
                                                                                                                                                                                                              • Opcode ID: 19486f1f70c6fc214faf183a925b9ec0f1369ca687dbcddd0267e641ce2128b8
                                                                                                                                                                                                              • Instruction ID: c91741b5c44dab9c25a3e17ce4408753d088fc87e3514bd841c7a105aef74ca3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 19486f1f70c6fc214faf183a925b9ec0f1369ca687dbcddd0267e641ce2128b8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 79E05B61F017818AE7C19B65D8453D82298EB4DF44F544035DD4CCF766ED5DC3A14710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_clear_free
                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_enc.c
                                                                                                                                                                                                              • API String ID: 2011826501-1839494539
                                                                                                                                                                                                              • Opcode ID: a3fd00c98839b7e8c1664afbc487672423ed4b4892010f20281f31aa65610e19
                                                                                                                                                                                                              • Instruction ID: 3a09622b3aa6614491b72727e8a446113c339259d71bb47732358be771db37cb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a3fd00c98839b7e8c1664afbc487672423ed4b4892010f20281f31aa65610e19
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09E0EC72A05A8686E7859B65A8457D822A8EB4CB88F985031E94C8B761EE2CC7938750
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_free
                                                                                                                                                                                                              • String ID: ..\s\ssl\t1_lib.c
                                                                                                                                                                                                              • API String ID: 2581946324-1643863364
                                                                                                                                                                                                              • Opcode ID: be4ffea58fc3db61d405c2d1930b5cd1548967875a76bd85a1fb081c342cea19
                                                                                                                                                                                                              • Instruction ID: df35e59749c500a4a03120a959fcb66a0e2f5357fa90e66928d3c185a86d8082
                                                                                                                                                                                                              • Opcode Fuzzy Hash: be4ffea58fc3db61d405c2d1930b5cd1548967875a76bd85a1fb081c342cea19
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 34D05E21F19183C0EB54775698416FC2320FB85F40F950131E92D5EBB2DC0CA656A700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: D_unlockD_write_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1724170673-0
                                                                                                                                                                                                              • Opcode ID: dba52de233cc2b69350f587698fd3148d50166bd7fb018036490d9ced0c3ceee
                                                                                                                                                                                                              • Instruction ID: 19f7206b65c6a7290978e45659d308ec4dcbe1071f455aae022d3d22aa925d76
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dba52de233cc2b69350f587698fd3148d50166bd7fb018036490d9ced0c3ceee
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 90D02B12F081C282EB446793FC042E553A4EF48BC8F295030FA4C8BBB6ED1CC9610700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: D_run_once
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1403826838-0
                                                                                                                                                                                                              • Opcode ID: 001cd4771d6f2b870f5e2e680b4ac14c104d7506a7621e2cc91e670adcdf643c
                                                                                                                                                                                                              • Instruction ID: 651012a5b71681744db850b8d4d9a7f8e5c78b8728b5dff5a6e20d74f5bf927a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 001cd4771d6f2b870f5e2e680b4ac14c104d7506a7621e2cc91e670adcdf643c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2BE0EC24F0958396FB4EAB68E8656B52290EF91364FD14139E41D8A5F1DE2CF9158700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$DeallocObject_$Attr$Err_Unicode_$CompareType_Withstrcmp$Clear$AllocCalculateCallDictFastFromGenericMetaclassReadyTrueVectorcall
                                                                                                                                                                                                              • String ID: ABCMeta$GenericMeta$TypingMeta$_ProtocolMeta$__module__$__orig_bases__$__slots__$abc$mypyc classes can't have __slots__$mypyc classes can't have a metaclass$typing$typing_extensions
                                                                                                                                                                                                              • API String ID: 3039355408-3015203947
                                                                                                                                                                                                              • Opcode ID: fc01501446bcb0932445bd371b905c18868a20e5e38a14b6cc68d462133ba378
                                                                                                                                                                                                              • Instruction ID: 820964da0762b045b85513134d863a46ffda4b421e8aace5efada66d5fbdcde4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc01501446bcb0932445bd371b905c18868a20e5e38a14b6cc68d462133ba378
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9D13922A09B4781FA558F29E95427823B1BF99F84F859037DEDE462B6EF3CE455C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Dict_Format$ItemString$DeallocErrorNextOccurredWith$EqualSliceTuple_Unicode_strchr
                                                                                                                                                                                                              • String ID: %.200s%s missing required argument '%s' (pos %d)$%.200s%s missing required keyword-only argument '%s'$%.200s%s takes %s %d positional argument%s (%zd given)$%.200s%s takes at most %d %sargument%s (%zd given)$%.200s%s takes no positional arguments$'%U' is an invalid keyword argument for %.200s%s$argument for %.200s%s given by name ('%s') and position (%d)$at least$at most$exactly$function$keyword $keywords must be strings$this function
                                                                                                                                                                                                              • API String ID: 3559638176-2999033026
                                                                                                                                                                                                              • Opcode ID: 472f4f9f8299c3341ed41dc1c5e037ba981d8da0672be7a5b717d0054c70edec
                                                                                                                                                                                                              • Instruction ID: ce0b6d89c806c0056d90d981e02e16f9b793757547d84cea003d10dbd8f0969a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 472f4f9f8299c3341ed41dc1c5e037ba981d8da0672be7a5b717d0054c70edec
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 60224A72A0AB8795EA258F55E4406AA73B2FB84B84F944037DACE47A75DF3CE445CB00
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Format$DeallocDict_$ContainsItemSequence_Tuple_Unicode_
                                                                                                                                                                                                              • String ID: %.200s%s missing required argument '%U' (pos %d)$%.200s%s missing required keyword-only argument '%U'$%.200s%s takes %s %d positional argument%s (%zd given)$%.200s%s takes at most %d %sargument%s (%zd given)$%.200s%s takes no positional arguments$'%S' is an invalid keyword argument for %.200s%s$argument for %.200s%s given by name ('%U') and position (%d)$at least$at most$exactly$function$keyword $this function
                                                                                                                                                                                                              • API String ID: 3590232122-3030676885
                                                                                                                                                                                                              • Opcode ID: a8eea02c3b07e2ff6cb39e40c52a5c2aa07c07cd8d71459f28f81541a26c547c
                                                                                                                                                                                                              • Instruction ID: 6cbec03e3d05fac16ca321698c4ac37466d0ff0b5add0e115dd2f20230412978
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a8eea02c3b07e2ff6cb39e40c52a5c2aa07c07cd8d71459f28f81541a26c547c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91125732A0AB4786EA618F45E8846B973A5FB88B80F944437DACE97775DF3CE445C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_$Object_Vectorcall$ChainCode_ContainsDict_EmptyErrorExceptions1FetchFormatFrame_ItemMethodNumber_ObjectOccurredSet_State_SubtypeThreadType_With
                                                                                                                                                                                                              • String ID: bool$feed$set$str$str or None
                                                                                                                                                                                                              • API String ID: 870744741-82482222
                                                                                                                                                                                                              • Opcode ID: 51f611ff3c93586a9fe96285693b6b9cd97998bcb93241a8aecce25a5d51272b
                                                                                                                                                                                                              • Instruction ID: 283a12adb636b14b2e2a411b5ba28b7001d57599e5feed06cb762797aa343291
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 51f611ff3c93586a9fe96285693b6b9cd97998bcb93241a8aecce25a5d51272b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 29022432E0DA4385FB609F25E8546B967B1AF45B88F484037DACE876B6DE3CE540C740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_Vectorcall$Err_Method$ChainCode_EmptyExceptions1FetchFrame_Number_State_Thread
                                                                                                                                                                                                              • String ID: bool$feed$str
                                                                                                                                                                                                              • API String ID: 290852211-2613659865
                                                                                                                                                                                                              • Opcode ID: 9b663b05d07f92b9d42eb17ef7dbc6039992f9863f0547a5bde711e1c0493b6d
                                                                                                                                                                                                              • Instruction ID: 2fcc8ff2bac3b4565190cd846f0e287d52e41c4198c4ce015951e9bfe551d1f8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9b663b05d07f92b9d42eb17ef7dbc6039992f9863f0547a5bde711e1c0493b6d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8B021732E0DA0385EB609B65E9557B923A2EF45B88F485037DADE876B6DF3CE4408740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_$Vectorcall$CompareContainsErr_FormatMethodNumber_RichSet_SubtypeType_
                                                                                                                                                                                                              • String ID: bool$feed$set
                                                                                                                                                                                                              • API String ID: 581062071-561237756
                                                                                                                                                                                                              • Opcode ID: d116754c70db650f028e2262370aadb3cbbf903adb172e94a875fa08e5a6007a
                                                                                                                                                                                                              • Instruction ID: a2dd05f88cf65718e8b38e375c694cb96e6ad09abc37589e580101e3b77b4be6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d116754c70db650f028e2262370aadb3cbbf903adb172e94a875fa08e5a6007a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5DD10D32A09A0382FB619B15E95537963A2AF85F95F484037CACE477B6DF3DE480C750
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE0132D7CC), ref: 00007FFE0132E23B
                                                                                                                                                                                                              • BIO_indent.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE0132D7CC), ref: 00007FFE0132E3E7
                                                                                                                                                                                                              • BIO_puts.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE0132D7CC), ref: 00007FFE0132E3FD
                                                                                                                                                                                                              • BIO_puts.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE0132D7CC), ref: 00007FFE0132E415
                                                                                                                                                                                                              • BIO_printf.LIBCRYPTO-3(?,?,?,?,?,?,?,00007FFE0132D7CC), ref: 00007FFE0132E24F
                                                                                                                                                                                                                • Part of subcall function 00007FFE0132DBC0: BIO_printf.LIBCRYPTO-3(?,00007FFE0132B04A), ref: 00007FFE0132DC04
                                                                                                                                                                                                                • Part of subcall function 00007FFE0132DBC0: BIO_printf.LIBCRYPTO-3(?,00007FFE0132B04A), ref: 00007FFE0132DC1F
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_printf$O_indentO_puts
                                                                                                                                                                                                              • String ID: KeyExchangeAlgorithm=%s$UNKNOWN$UNKNOWN CURVE PARAMETER TYPE %d$dh_Ys$dh_g$dh_p$explicit_char2$explicit_prime$named_curve: %s (%d)$point$psk_identity_hint$rsa_exponent$rsa_modulus
                                                                                                                                                                                                              • API String ID: 3310571797-1380109711
                                                                                                                                                                                                              • Opcode ID: 47121956bf6636675cfb9b2e70c2587bc754de3f6f9d9fe41b36e48461540114
                                                                                                                                                                                                              • Instruction ID: c95c0af1b4e8818ced0eee5db278a736a99186523d1722b2747b99a0138384e3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47121956bf6636675cfb9b2e70c2587bc754de3f6f9d9fe41b36e48461540114
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B0A1F432B086D685EB24DB15E4162FAB7A2FB95380F464132DE9D1BBA4EF3CE515C301
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strchr
                                                                                                                                                                                                              • String ID: %$Empty keyword parameter name$Empty parameter name after $$Invalid format string ($ before |)$Invalid format string ($ specified twice)$Invalid format string (@ specified twice)$Invalid format string (@ without preceding | and $)$Invalid format string (| specified twice)$More keyword list entries (%d) than format specifiers (%d)$more argument specifiers than keyword list entries (remaining format:'%s')
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083454900.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12e10000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Eval_Thread$Err_Thread_acquire_lock_timedTime_$CallsDeadline_FromMakeMicrosecondsModuleNoneObjectPendingRestoreSaveSecondsState_StringThread_release_lockType_
                                                                                                                                                                                                              • String ID: 'timeout' must be a non-negative number$timeout value is too large
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug$X_freeX_new_from_name
                                                                                                                                                                                                              • String ID: ..\s\ssl\s3_lib.c$ssl_generate_pkey_group
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_key_share
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_errorX_set0_default$conf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_mcnf.c$b$name=%s$ssl_do_config$system_default
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error$L_sk_freeL_sk_new_nullstrchrstrncmp
                                                                                                                                                                                                              • String ID: ..\s\ssl\d1_srtp.c$ssl_ctx_make_profiles
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$List_$Object_$AppendAttrCallErr_FastLookupSliceStringTuple
                                                                                                                                                                                                              • String ID: __mro_entries__ must return a tuple
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_$AttrDict_Object_String$ClearExceptionItemMatches
                                                                                                                                                                                                              • String ID: __mypyc_attrs__$__mypyc_attrs__ is not a tuple
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFE0E1614D8), ref: 00007FFE0E163609
                                                                                                                                                                                                              • fprintf.MSPDB140-MSVCRT ref: 00007FFE0E163619
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E161010: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FFE0E161047
                                                                                                                                                                                                              • __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFE0E1614D8), ref: 00007FFE0E163623
                                                                                                                                                                                                              • fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFE0E1614D8), ref: 00007FFE0E16362C
                                                                                                                                                                                                              • abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE0E1614D8), ref: 00007FFE0E163632
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: __acrt_iob_func$__stdio_common_vfprintfabortfflushfprintf
                                                                                                                                                                                                              • String ID: %U%U%s$%U.%U$None$__module__$__qualname__$builtins$fatal: out of memory$tuple[<%d items>]
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
• Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CompareUnicode_$DeallocStringWith
                                                                                                                                                                                                              • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
• Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$DeallocObjectObject_$ConstantFromSpecStringTrackTypeType_
                                                                                                                                                                                                              • String ID: 15.0.0$_ucnhash_CAPI$ucd_3_2_0$unidata_version
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: AttrCapsule_DeallocObject_String$Create2Module_
                                                                                                                                                                                                              • String ID: charset_normalizer.md__mypyc.exports$charset_normalizer.md__mypyc.init_charset_normalizer___md$exports$init_charset_normalizer___md
                                                                                                                                                                                                              • API String ID: 2519120496-2411258805
                                                                                                                                                                                                              • Opcode ID: f2c90af9684fb1db86fa60abe20920a8a6357a815e157ae73eca5ed058299bbc
                                                                                                                                                                                                              • Instruction ID: 58f06ae87301de68a774f20402051be043c41645cd7667f4fc3f5901d6866468
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f2c90af9684fb1db86fa60abe20920a8a6357a815e157ae73eca5ed058299bbc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C7311231A1DA03C1FA459B65F85467823B1AF88F90F881037DAEE067B4EE3CE484DB00
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2819143443-0
                                                                                                                                                                                                              • Opcode ID: 4da51f652f50e0e14fbcb3d79e1efce5bf02c0f17490548a9fc299314159cba6
                                                                                                                                                                                                              • Instruction ID: 72b4c58205b84ad7c5a7fa990b694730da4a70c542d73bc8ebf963c2c70404c5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4da51f652f50e0e14fbcb3d79e1efce5bf02c0f17490548a9fc299314159cba6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B451D536908A4382EB554F34985837C23A1EB46F7DF245376CAB9422F6CF7EA485C310
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CompareStringUnicode_With$Mem_$FreeMallocSubtypeType_
                                                                                                                                                                                                              • String ID: NFC$NFD$NFKC$NFKD$invalid normalization form
                                                                                                                                                                                                              • API String ID: 1723213316-3528878251
                                                                                                                                                                                                              • Opcode ID: 9ebbeb7ffb067a2c84aacc1cf291dabc7e77949c11924730220a14a4a7e8ad4f
                                                                                                                                                                                                              • Instruction ID: 1d6055f36691b6918f7214f3ba408ebf911e92b02d61fb21deb539f6b83ffa71
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ebbeb7ffb067a2c84aacc1cf291dabc7e77949c11924730220a14a4a7e8ad4f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 10516D63F0C25281FB70AF25A470E792391AB56BC8F645335D979A7ACDDF2CE4818380
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: $%04X$a unicode character$argument$decomposition
                                                                                                                                                                                                              • API String ID: 1318908108-4056541097
                                                                                                                                                                                                              • Opcode ID: 84a528a47654cdde31738837f18bb607aa473ddf7d16b6eb27ea2fde83817aeb
                                                                                                                                                                                                              • Instruction ID: 0c2347c7cf76f84a629bebe3dfc653eef7481297876e4d8618107810a684a41d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 84a528a47654cdde31738837f18bb607aa473ddf7d16b6eb27ea2fde83817aeb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 31418063F0868281EB358F15A860AB923A1FB59B98F544335C97E476CCDF2CE555C740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_read_early_data
                                                                                                                                                                                                              • API String ID: 1552677711-1193762697
                                                                                                                                                                                                              • Opcode ID: e0887a0330d3f20f76b57b849052d306993ff746fc90524e766ae11b4388de1f
                                                                                                                                                                                                              • Instruction ID: 223b6001b6e96134982ea7a8b755d93e1441752e46faaf703be41fde32c6d303
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e0887a0330d3f20f76b57b849052d306993ff746fc90524e766ae11b4388de1f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5241BD31A19783C6F7609B61A8557BA2290FB40B84F695035EA8E8A6B6CF3CE401DB10
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_$Back_ChainCode_EmptyExceptions1FetchFrame_HereRestoreState_ThreadTrace
                                                                                                                                                                                                              • String ID: charset_normalizer\md.py
                                                                                                                                                                                                              • API String ID: 1599779757-1392889821
                                                                                                                                                                                                              • Opcode ID: 3cb54b9bf2c2ad4cf81feb0359181a100641a5cd8f1976594daf6723474b8065
                                                                                                                                                                                                              • Instruction ID: c76af11b8069783e0ae7bd6fb98affbaf4eb8569c0127afbcc525e8648a7612e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3cb54b9bf2c2ad4cf81feb0359181a100641a5cd8f1976594daf6723474b8065
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C621D576A08B42C2EA158B61E944269A3B1FB89FD5F484036DADE43B79DF3CE544CB40
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • OPENSSL_sk_dup.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE013090AB
                                                                                                                                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE013090C4
                                                                                                                                                                                                              • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE013090D5
                                                                                                                                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE013090F0
                                                                                                                                                                                                              • OPENSSL_sk_num.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE013090FC
                                                                                                                                                                                                              • OPENSSL_sk_value.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE01309119
                                                                                                                                                                                                              • OPENSSL_sk_unshift.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE0130913F
                                                                                                                                                                                                              • OPENSSL_sk_dup.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE01309151
                                                                                                                                                                                                              • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE01309161
                                                                                                                                                                                                              • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE0130916D
                                                                                                                                                                                                              • OPENSSL_sk_set_cmp_func.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE0130917F
                                                                                                                                                                                                              • OPENSSL_sk_free.LIBCRYPTO-3(?,?,00000000,00007FFE01305694), ref: 00007FFE0130918F
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: L_sk_freeL_sk_num$L_sk_dupL_sk_value$L_sk_set_cmp_funcL_sk_unshift
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077305025.00007FFE101D1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE101D0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe101d0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083454900.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12e10000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076745307.00007FFE0EC01000.00000020.00000001.01000000.0000001F.sdmp, Offset: 00007FFE0EC00000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0ec00000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3078994760.00007FFE10301000.00000020.00000001.01000000.0000001A.sdmp, Offset: 00007FFE10300000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe10300000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083371646.00007FFE12221000.00000020.00000001.01000000.00000014.sdmp, Offset: 00007FFE12220000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083343932.00007FFE12220000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083389708.00007FFE12222000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083412959.00007FFE12224000.00000002.00000001.01000000.00000014.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12220000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 349153199-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076680448.00007FFE0EBF1000.00000020.00000001.01000000.00000020.sdmp, Offset: 00007FFE0EBF0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076662917.00007FFE0EBF0000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076698884.00007FFE0EBF3000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076714475.00007FFE0EBF5000.00000002.00000001.01000000.00000020.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0ebf0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 349153199-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076442788.00007FFE0EB61000.00000020.00000001.01000000.00000023.sdmp, Offset: 00007FFE0EB60000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076424097.00007FFE0EB60000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076461929.00007FFE0EB66000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076481088.00007FFE0EB6B000.00000002.00000001.01000000.00000023.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0eb60000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 349153199-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocFromLong_Ssize_t$BoolCompareErr_Object_OccurredRich
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.CjkInvalidStopPlugin$ratio
                                                                                                                                                                                                              • API String ID: 871640449-4126926341
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$FromLong_Ssize_t$Err_ItemObject_Slice_String
                                                                                                                                                                                                              • String ID: interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 575668516-2110327174
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_$Dict_ErrorItemNumber_ObjectObject_OccurredVectorcallWith
                                                                                                                                                                                                              • String ID: bool$feed
                                                                                                                                                                                                              • API String ID: 3589194245-2849697477
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_$Dict_ErrorItemNumber_ObjectObject_OccurredVectorcallWith
                                                                                                                                                                                                              • String ID: bool$feed
                                                                                                                                                                                                              • API String ID: 3589194245-2849697477
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_ItemObject_$Dict_ErrorObjectOccurredVectorcallWith
                                                                                                                                                                                                              • String ID: bool$feed
                                                                                                                                                                                                              • API String ID: 2902451266-2849697477
                                                                                                                                                                                                              • Opcode ID: 1a7dd9d6bdb75d04eb2d5c7eb53f5ad6348c65550614cb5b43364506aae5122a
                                                                                                                                                                                                              • Instruction ID: bd892d78fac86a673f6117ca19e2fba21a4815d2374ecefbc698b2506aa6adcb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a7dd9d6bdb75d04eb2d5c7eb53f5ad6348c65550614cb5b43364506aae5122a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0B411A36A09A0385FA619F55E5542B963A2AF48B95F484037DECE477B2EE3CE8908310
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_ItemObject_$Dict_ErrorObjectOccurredVectorcallWith
                                                                                                                                                                                                              • String ID: bool$eligible
                                                                                                                                                                                                              • API String ID: 2902451266-3320767611
                                                                                                                                                                                                              • Opcode ID: 5190c127f938b4afb4c61b30403329f8ba49ecea66b01ecc96b5249f62de6c69
                                                                                                                                                                                                              • Instruction ID: 417a26ef3fdbb76ccb33b3ddbbbed833927efc299e6f306b500fe63f31d3f532
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 5190c127f938b4afb4c61b30403329f8ba49ecea66b01ecc96b5249f62de6c69
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8E31D726B09A4381FA508F15F54427963B2EB48F84F585436DACE4BBB6DF3CE4918710
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckDigitErr_FromLongLong_PositionalStringUnicode_
                                                                                                                                                                                                              • String ID: a unicode character$argument 1$digit$not a digit
                                                                                                                                                                                                              • API String ID: 4245020737-4278345224
                                                                                                                                                                                                              • Opcode ID: aed245a8664a28b413df88f13d2b45979c93eee2f6ab32f7962ea5d8cc8ee058
                                                                                                                                                                                                              • Instruction ID: 6d8361a01cfbcb5eef4764d9a2ee5b385bc57f6f836bf669a4bfd8afb3866c44
                                                                                                                                                                                                              • Opcode Fuzzy Hash: aed245a8664a28b413df88f13d2b45979c93eee2f6ab32f7962ea5d8cc8ee058
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 18211972F0864691EB648F25E8A097923A0EB54B8CF448635CA3E876ACDF2CE555C780
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_CTX_enable_ct$SSL_CTX_set_ct_validation_callback
                                                                                                                                                                                                              • API String ID: 1552677711-3272436952
                                                                                                                                                                                                              • Opcode ID: dfd3537359efdacd2f04a4d436af0070cfbf6be4d586150568d2f422745380a1
                                                                                                                                                                                                              • Instruction ID: eaad9e1f15f4d74433c32c32b00dc545c9464aea5f9f83d138644437b182f2e0
                                                                                                                                                                                                              • Opcode Fuzzy Hash: dfd3537359efdacd2f04a4d436af0070cfbf6be4d586150568d2f422745380a1
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4C118861F19243D2F791E7A0D8526FA1291EF94340FE66035E80C8A6F2EF2CE995C620
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_release_startup_lock
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 190073905-0
                                                                                                                                                                                                              • Opcode ID: f878702214bb63a7e2a46d9632659a766e611e310f493bfefd2b2af7470b6556
                                                                                                                                                                                                              • Instruction ID: 9e377c1cd8dc7efb90f71a16794e9adcadd0faa4d1822cd01179144843aa890e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f878702214bb63a7e2a46d9632659a766e611e310f493bfefd2b2af7470b6556
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD81BF61E1C64386FB50AB65A4412BD66F1AF85F80F54403BEAED473B6EE3CE8858700
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2819143443-0
                                                                                                                                                                                                              • Opcode ID: 0242b03f335125248089f9e56ea67e2bb266b6aff0ef4b7a750ca1631d7921a4
                                                                                                                                                                                                              • Instruction ID: ae9f736993b6c91c110c83051bc1a46564414fc9c12b3069be9de5a7954a3a73
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0242b03f335125248089f9e56ea67e2bb266b6aff0ef4b7a750ca1631d7921a4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D41D632A09A1381EB598F65E85833822A5EF44F79F195336CAEA422F6CF7DD485C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyErr_Occurred.PYTHON312(?,?,?,?,?,00007FFE0E165A7E), ref: 00007FFE0E16A776
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E163870: PyErr_Format.PYTHON312 ref: 00007FFE0E1638A4
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: PyThreadState_Get.PYTHON312 ref: 00007FFE0E163912
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: PyErr_Fetch.PYTHON312 ref: 00007FFE0E16392A
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: PyCode_NewEmpty.PYTHON312 ref: 00007FFE0E16393D
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: PyFrame_New.PYTHON312 ref: 00007FFE0E163957
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: _Py_Dealloc.PYTHON312 ref: 00007FFE0E163972
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: _PyErr_ChainExceptions1.PYTHON312 ref: 00007FFE0E16397D
                                                                                                                                                                                                              • PyLong_FromSsize_t.PYTHON312(?,?,?,?,?,00007FFE0E165A7E), ref: 00007FFE0E16A7CB
                                                                                                                                                                                                              • PyObject_RichCompareBool.PYTHON312(?,?,?,?,?,00007FFE0E165A7E), ref: 00007FFE0E16A7E2
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,?,?,00007FFE0E165A7E), ref: 00007FFE0E16A7F8
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312(?,?,?,?,?,00007FFE0E165A7E), ref: 00007FFE0E16A80C
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$Dealloc$BoolChainCode_CompareEmptyExceptions1FetchFormatFrame_FromLong_Object_OccurredRichSsize_tState_Thread
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.UnprintablePlugin$ratio
                                                                                                                                                                                                              • API String ID: 1679049372-1538754472
                                                                                                                                                                                                              • Opcode ID: 6c7d271f71e918ea2b6e5ebdb53b8d7905f36ef135eabd5a2c9c9ca25849c929
                                                                                                                                                                                                              • Instruction ID: 3d9839e72442fcb0b9e94a99da704885601b253de06bc75f984b38806c64aaf5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6c7d271f71e918ea2b6e5ebdb53b8d7905f36ef135eabd5a2c9c9ca25849c929
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0C519126E08A0785FA559B25E8052B963B5AF54B95F484233DDED173F2EF3CE882C340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newmemcpy$R_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$CLIENT_RANDOM$tls_construct_finished
                                                                                                                                                                                                              • API String ID: 3909032045-3711601257
                                                                                                                                                                                                              • Opcode ID: 2daf00a0d195b6ab514bc9670e8ac29359be2fc999cccec05943c87e8496043c
                                                                                                                                                                                                              • Instruction ID: 604bd2fab4567aca77f61bb37ccad02e3d10e63f4c8bdb375d4477d112bb6ed2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2daf00a0d195b6ab514bc9670e8ac29359be2fc999cccec05943c87e8496043c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7516932A09A8282E790DB25D4447E923A8EB45F88F455036DE4D4F7AAEF3DE984D350
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DoubleErr_Float_Occurred$From
                                                                                                                                                                                                              • String ID: bool$float$mess_ratio$str
                                                                                                                                                                                                              • API String ID: 627764739-3758540285
                                                                                                                                                                                                              • Opcode ID: 1a3d1fb8ba47ce6cf444bdce9ec413d41f20283bb8b1bac321af7baff6586998
                                                                                                                                                                                                              • Instruction ID: 0124e4825a77fd91bc5216cc1bceb6f13233d295fb067ccf7fa7b2046b671590
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1a3d1fb8ba47ce6cf444bdce9ec413d41f20283bb8b1bac321af7baff6586998
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06418D61A0CB4681EB518B65E4402BAA3B1FF95F85F584133EADE136B4DF3DE586C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_Vectorcall$Dict_Item
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 1355803777-217463007
                                                                                                                                                                                                              • Opcode ID: cd57472d29860b126a9f86086a96ac2cf85a89cd4f653f8ac4b36cb5dee4465a
                                                                                                                                                                                                              • Instruction ID: 41e40d6d8a94deb78351d0ecf1977f538c66ff1baeffd8c2d90e7b063d421c45
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cd57472d29860b126a9f86086a96ac2cf85a89cd4f653f8ac4b36cb5dee4465a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C1312526E0DA4381FB609B55E9542BA23B1AF44F95F848037CADE077B1DF3CE4818700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_srvr.c$tls_process_end_of_early_data
                                                                                                                                                                                                              • API String ID: 193678381-3379596787
                                                                                                                                                                                                              • Opcode ID: d56d42069174aa5c7f1f1e05a148f614193e7bb520e3ed8a3438be9a4e44f38f
                                                                                                                                                                                                              • Instruction ID: 099fc331034400a65c3b94123d845fdb27a0d39d9f4155d2e4a6d8c4d493934c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d56d42069174aa5c7f1f1e05a148f614193e7bb520e3ed8a3438be9a4e44f38f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8921BD62F1828382F750EBB0E815BF82250EF91790F999031CA4D8F6E6DFACE591D711
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE01312D97), ref: 00007FFE013151CE
                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE01312D97), ref: 00007FFE013151E6
                                                                                                                                                                                                              • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE01312D97), ref: 00007FFE013151F7
                                                                                                                                                                                                              • ERR_new.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE01312D97), ref: 00007FFE01315210
                                                                                                                                                                                                              • ERR_set_debug.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE01312D97), ref: 00007FFE01315228
                                                                                                                                                                                                              • ERR_set_error.LIBCRYPTO-3(?,?,?,?,?,?,?,?,?,?,?,00007FFE01312D97), ref: 00007FFE01315239
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$can_renegotiate
                                                                                                                                                                                                              • API String ID: 1552677711-3796731956
                                                                                                                                                                                                              • Opcode ID: ffee28e96335aa704968abb80b6c1ed724ff21ba08e802f7bdb6329489e06ba8
                                                                                                                                                                                                              • Instruction ID: e47b5b916dbd329c07ac6cb0a2e9d36946b6c139baff9a21e147ef8344a14b80
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ffee28e96335aa704968abb80b6c1ed724ff21ba08e802f7bdb6329489e06ba8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C118476F19247C3F744E724C8567EE2250FB91740FD29031E54C8A6F2CE2CE586C601
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: From$String$Set_SizeUnicode_$Bytes_Complex_DoubleDoublesFloat_FrozenInternLong_PlaceTuple_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1377717875-0
                                                                                                                                                                                                              • Opcode ID: 629455bad91f4ecd6d7908e7e5870110f03c25fe898dd446233c35e793981129
                                                                                                                                                                                                              • Instruction ID: 0ab8b49eabe890a20868bce7d4c80baf9c75186275a294c48014accf5f5376fd
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 629455bad91f4ecd6d7908e7e5870110f03c25fe898dd446233c35e793981129
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B7C1D462A09B5786EA058F14A8542797BF1FF06B85F489136DAED173B5DF3CE0A1C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2819143443-0
                                                                                                                                                                                                              • Opcode ID: 05d1ac40a9b96e5c13be911700045ab90e1e4e4fbd24bcfd21a8bee90907492c
                                                                                                                                                                                                              • Instruction ID: f4bfd680fbc2a4a275a65ee4634233e02801b9625a8b8ea0243bab54e822fb91
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05d1ac40a9b96e5c13be911700045ab90e1e4e4fbd24bcfd21a8bee90907492c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D31B736A08A4381EB658F65A94833832A1FF49F69F154336CABE426F5CF7DE4858740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Unicode_$CharactersCopyFastFormatStringmemcpy
                                                                                                                                                                                                              • String ID: join() result is too long for a Python string$sequence item %zd: expected str instance, %.80s found
                                                                                                                                                                                                              • API String ID: 3966466113-1579438684
                                                                                                                                                                                                              • Opcode ID: 9ce23e648388c0e2cdb1312a61e26ea734fc129a48e6d1826d58cf5324c8eb00
                                                                                                                                                                                                              • Instruction ID: 0005a97b7d5c08eadc75cd7aea4c7523f3d0c0646daf41004570627bfd536256
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9ce23e648388c0e2cdb1312a61e26ea734fc129a48e6d1826d58cf5324c8eb00
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B761B3A2B0965682EA618B09D8457B967A1FB85FE4F058633CDBD877F1DE3CD846C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$BoolCompareErr_FromLong_Object_OccurredRichSsize_t
                                                                                                                                                                                                              • String ID: ratio
                                                                                                                                                                                                              • API String ID: 2538524772-4234197119
                                                                                                                                                                                                              • Opcode ID: c9d185836df1931b61a6f898434f64e6117fd34b30e9e2c236b58f0014c75985
                                                                                                                                                                                                              • Instruction ID: 19cbf2e5cf7aa2762956bb200b8f37732889e18086a42e67c481b8a4033723ae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9d185836df1931b61a6f898434f64e6117fd34b30e9e2c236b58f0014c75985
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1951A372A0960385E6659B19A8412B8B3A1EF59FD4F184232DEDD077F7DF3DE4518380
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_Vectorcall$Err_FormatMethod
                                                                                                                                                                                                              • String ID: bool$eligible
                                                                                                                                                                                                              • API String ID: 131476257-3320767611
                                                                                                                                                                                                              • Opcode ID: 8eaf8c8bf7db2db0ae4532d1ca575a14964d2d97acf12812248dfb51df6ab7fe
                                                                                                                                                                                                              • Instruction ID: c7806541405dc2f9ab2ebd71c4dc436f96623001be29add945a2a099fa499587
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8eaf8c8bf7db2db0ae4532d1ca575a14964d2d97acf12812248dfb51df6ab7fe
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07315E62E09A4381FB209B25E8543BD23B1AF45F95F584177DACD566B2DE3CE880C311
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugX509i2d_
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_lib.c$ssl_add_cert_to_wpacket
                                                                                                                                                                                                              • API String ID: 3356145284-2373850725
                                                                                                                                                                                                              • Opcode ID: 815fbc690875dea7aa019c576df1c6b0cea7faffa18d282b57adab0503314cbf
                                                                                                                                                                                                              • Instruction ID: 4a25674b947c043a770531ae7e0bcad6def42b16aa0e9680834e5d55b118376d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 815fbc690875dea7aa019c576df1c6b0cea7faffa18d282b57adab0503314cbf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3431A021B0C78386FB14EB52E8507A96250AF85FC0F459136ED8C9BBAACF2CE6418740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
• Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_new$R_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_maxfragmentlen
                                                                                                                                                                                                              • API String ID: 476316267-2768509386
                                                                                                                                                                                                              • Opcode ID: 28725d5e94fd283e151c7962287556e812c99b14461513982d334866cd3e7e46
                                                                                                                                                                                                              • Instruction ID: 136609563574b6edbe2aecb8813035de90bef7193d4cdabeac3f19e646075641
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 28725d5e94fd283e151c7962287556e812c99b14461513982d334866cd3e7e46
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD216DA1A0968782F751AB61E8517F86350EB81B40F999432CA4C0B7F6DE2CEAD18311
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083454900.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
• Associated: 00000001.00000002.3083434753.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000001.00000002.3083473519.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp
• Associated: 00000001.00000002.3083499244.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmp
• Associated: 00000001.00000002.3083524050.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12e10000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Module_$Err_ExceptionFromModuleObjectSpecTypeType_With
                                                                                                                                                                                                              • String ID: Empty$Exception raised by Queue.get(block=0)/get_nowait().$_queue.Empty
                                                                                                                                                                                                              • API String ID: 1138974572-1946099957
                                                                                                                                                                                                              • Opcode ID: f121cb2eee6e80a942454bf0bf1bd0c36165a64d1fffbf990f1473ac1b9fb972
                                                                                                                                                                                                              • Instruction ID: 0d74157e58c89c1bbc2d27ce9d182090df25094cf1d53baeea322ab0ef309a29
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f121cb2eee6e80a942454bf0bf1bd0c36165a64d1fffbf990f1473ac1b9fb972
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C0019235719F4392EB068B27EC505767360AF09BB4B445178CE1E0A7B4DEACE054D311
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3617616757-0
                                                                                                                                                                                                              • Opcode ID: a60699764bd13d79a22b552816a96ae5fb586ae98b5c4b0cac63effc67cbf7b5
                                                                                                                                                                                                              • Instruction ID: b4b3e910bed417726c984ac98bf36ff4990c2eaf2239aa5846768174a9745333
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a60699764bd13d79a22b552816a96ae5fb586ae98b5c4b0cac63effc67cbf7b5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4741A436909A4381EB698F78D95837832A4EB55F3DF254376CAB9411F28F7EA885C340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2819143443-0
                                                                                                                                                                                                              • Opcode ID: 8db3069f972e78d6dd5522a1709e7f13b1d9835691a9734dfc833f95a22f18c2
                                                                                                                                                                                                              • Instruction ID: cf36cbb5f4567e21a495bacce6bdac038d76632e8020c9c067685ec338e7f9f1
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8db3069f972e78d6dd5522a1709e7f13b1d9835691a9734dfc833f95a22f18c2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 42211D36A0860391EB554F65E85833832B1EF98FA9F154236C9ED422F6CF3DD485C340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077305025.00007FFE101D1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE101D0000, based on PE: true
• Associated: 00000001.00000002.3077283991.00007FFE101D0000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.3077324741.00007FFE101D4000.00000002.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.3077344275.00007FFE101D5000.00000004.00000001.01000000.0000001B.sdmp
• Associated: 00000001.00000002.3077367222.00007FFE101D6000.00000002.00000001.01000000.0000001B.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe101d0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _wassert$memcpy
                                                                                                                                                                                                              • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                              • API String ID: 4292997394-330188172
                                                                                                                                                                                                              • Opcode ID: 9aa7c3724df43c7763e1fe33636668700a5e685dea0693ead42e9f10e503c155
                                                                                                                                                                                                              • Instruction ID: 235a7e22f7be13f1a062ee2455d7e796d4b7cdbd11f3919d078c6ee52551dc6e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9aa7c3724df43c7763e1fe33636668700a5e685dea0693ead42e9f10e503c155
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 12918122F18A8586FB05CB69D5483FD6361FB98394F449222DF8C12B6ADF3CE585C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
• Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: a unicode character$argument$category
                                                                                                                                                                                                              • API String ID: 1318908108-2068800536
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$BoolCompareErr_FromLong_Object_OccurredRichSsize_t
                                                                                                                                                                                                              • String ID: ratio
                                                                                                                                                                                                              • API String ID: 2538524772-4234197119
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentFromStringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: a unicode character$argument$bidirectional
                                                                                                                                                                                                              • API String ID: 1318908108-2110215792
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$BoolCompareErr_FromLong_Object_OccurredRichSsize_t
                                                                                                                                                                                                              • String ID: ratio
                                                                                                                                                                                                              • API String ID: 2538524772-4234197119
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count_final' cannot be deleted, xrefs: 00007FFE0E1688CC
                                                                                                                                                                                                              • attribute '_successive_upper_lower_count_final' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FFE0E168858
                                                                                                                                                                                                              • int, xrefs: 00007FFE0E168958
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count_final' cannot be deleted$attribute '_successive_upper_lower_count_final' of 'ArchaicUpperLowerPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-528010561
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • attribute '_successive_count' of 'SuspiciousDuplicateAccentPlugin' undefined, xrefs: 00007FFE0E166268
                                                                                                                                                                                                              • 'SuspiciousDuplicateAccentPlugin' object attribute '_successive_count' cannot be deleted, xrefs: 00007FFE0E1662DC
                                                                                                                                                                                                              • int, xrefs: 00007FFE0E166368
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_successive_count' cannot be deleted$attribute '_successive_count' of 'SuspiciousDuplicateAccentPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-1864222365
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_bad_word_count' cannot be deleted$attribute '_bad_word_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_symbol_count' cannot be deleted$attribute '_symbol_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuspiciousRange' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'SuspiciousRange' undefined$int
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_buffer_glyph_count' cannot be deleted$attribute '_buffer_glyph_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'ArabicIsolatedFormPlugin' object attribute '_isolated_form_count' cannot be deleted$attribute '_isolated_form_count' of 'ArabicIsolatedFormPlugin' undefined$int
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'TooManyAccentuatedPlugin' object attribute '_accentuated_count' cannot be deleted$attribute '_accentuated_count' of 'TooManyAccentuatedPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-3693778415
                                                                                                                                                                                                              • Opcode ID: 11257ae3d71ea791222fb481fa41a0414bf457baa53710c3c15dd2d0280c627a
                                                                                                                                                                                                              • Instruction ID: 1aab44e6ec8bbe6a1b2b73494fb7a6f844effb3afa43ed434b7b927beb1ff6d9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 11257ae3d71ea791222fb481fa41a0414bf457baa53710c3c15dd2d0280c627a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0031A631F0860381EF549B19E4952B823A2AF48BA4F585633DADE477F6DE3CE494C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • attribute '_successive_upper_lower_count' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FFE0E168718
                                                                                                                                                                                                              • 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count' cannot be deleted, xrefs: 00007FFE0E16878C
                                                                                                                                                                                                              • int, xrefs: 00007FFE0E168818
                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'ArchaicUpperLowerPlugin' object attribute '_successive_upper_lower_count' cannot be deleted$attribute '_successive_upper_lower_count' of 'ArchaicUpperLowerPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-634379450
                                                                                                                                                                                                              • Opcode ID: 52e7e832d312293c75268dee85e04a5a0eebfc5688c2e64deee6318363a733d2
                                                                                                                                                                                                              • Instruction ID: 5dfcaf3b2592149f6bc3ca2c40b82582d7b39355815e9991edaf79bea30b331a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 52e7e832d312293c75268dee85e04a5a0eebfc5688c2e64deee6318363a733d2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 21318471F0860381EA599B29E4952B923A1AF84FA4F585233DADD4B7F6DE2CE494C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'CjkInvalidStopPlugin' object attribute '_cjk_character_count' cannot be deleted$attribute '_cjk_character_count' of 'CjkInvalidStopPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-399339277
                                                                                                                                                                                                              • Opcode ID: 9c3a15990428bb77c92a072d905c1e2f827a3f1a99ebc7047cf01e5472fad4e8
                                                                                                                                                                                                              • Instruction ID: d385e45b273c15a8a1210645f06c3068e05c2e5740a11f04c039d02badb9795e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c3a15990428bb77c92a072d905c1e2f827a3f1a99ebc7047cf01e5472fad4e8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B031A632B0860382EF559B29E4552B923A1BF44BA4F585233EAED477F6DF2CE490C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • 'TooManySymbolOrPunctuationPlugin' object attribute '_punctuation_count' cannot be deleted, xrefs: 00007FFE0E164FFC
                                                                                                                                                                                                              • attribute '_punctuation_count' of 'TooManySymbolOrPunctuationPlugin' undefined, xrefs: 00007FFE0E164F88
                                                                                                                                                                                                              • int, xrefs: 00007FFE0E165088
                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_punctuation_count' cannot be deleted$attribute '_punctuation_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-1459665959
                                                                                                                                                                                                              • Opcode ID: ad0cd029660fb7f7665da9d9aac58adf3fc5e55591e06715ce07e5edaaa67e98
                                                                                                                                                                                                              • Instruction ID: bf4f5b184a851fc760e1c9ae0d17c8cb0c858386daa4de008148d39464557046
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ad0cd029660fb7f7665da9d9aac58adf3fc5e55591e06715ce07e5edaaa67e98
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6A31A131F0864381EE549B29E4942B923A2AF85BD4F585133EAEE477F6DE3DE480C340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_word_count' cannot be deleted$attribute '_word_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-1212817586
                                                                                                                                                                                                              • Opcode ID: 4f7b4f66c2882bb4a368eca118915d59140719839b3263e799a13cafd8e4be70
                                                                                                                                                                                                              • Instruction ID: 837948b75db14bbc6c8b745c62f9d450aba6d8b49faead196a41a22540098679
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4f7b4f66c2882bb4a368eca118915d59140719839b3263e799a13cafd8e4be70
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 70319421F0850382EE549B29E4942B923A1AF44FA4F585137EADE477F6DE6CE484C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'UnprintablePlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'UnprintablePlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-2596148235
                                                                                                                                                                                                              • Opcode ID: 26f8cd94457a649ba50c6653c3b68f565d5d965db2314902c9cbd5fe5bdcdd5f
                                                                                                                                                                                                              • Instruction ID: 560944a68f9412b290ab8dc3f35009bb7428ef14a007643c78a53c18ba8d8455
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 26f8cd94457a649ba50c6653c3b68f565d5d965db2314902c9cbd5fe5bdcdd5f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 82319231B08A4382EE559B29E4552B863A2EF44F94F584633DADE477F6DE3CE494C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • attribute '_suspicious_successive_range_count' of 'SuspiciousRange' undefined, xrefs: 00007FFE0E1667B8
                                                                                                                                                                                                              • 'SuspiciousRange' object attribute '_suspicious_successive_range_count' cannot be deleted, xrefs: 00007FFE0E16682C
                                                                                                                                                                                                              • int, xrefs: 00007FFE0E1668B8
                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuspiciousRange' object attribute '_suspicious_successive_range_count' cannot be deleted$attribute '_suspicious_successive_range_count' of 'SuspiciousRange' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-916769388
                                                                                                                                                                                                              • Opcode ID: 4d9f5c16edd509a2cc910b78d3d156eb7143a823e909094944a6dcb1097a17f4
                                                                                                                                                                                                              • Instruction ID: da96fd9565e7c15c4f7777d03f8ff11d20e9bd447e56c2e209abb3d0f2afd8ec
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4d9f5c16edd509a2cc910b78d3d156eb7143a823e909094944a6dcb1097a17f4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6C317231F08A0381EE559B29E4552B923A1AF94B94F585132DADE477F6DE2CE8C4C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_buffer_accent_count' cannot be deleted$attribute '_buffer_accent_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-76466605
                                                                                                                                                                                                              • Opcode ID: 6ed5a09cdee6f8be3313f3f998c2b896ebc731bd5b7f21b11c6827454250e5ed
                                                                                                                                                                                                              • Instruction ID: 127037eded2065be609664b35fc8b7dc6f2357209df5428a2790b7727b5c71d2
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ed5a09cdee6f8be3313f3f998c2b896ebc731bd5b7f21b11c6827454250e5ed
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05318631B08A0382EA55DB29E4552B923A1EF44BA8F5C5133EADE477F6DF2DE494C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'ArchaicUpperLowerPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'ArchaicUpperLowerPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-4184598959
                                                                                                                                                                                                              • Opcode ID: c9545642c3cb54cfae6524a01c8b8b1ac7a649f5904cd3094c5dab660e2e1fb4
                                                                                                                                                                                                              • Instruction ID: 1278ae5fb01a57cf1260fe2d5b65d35fd18e9df04f19ba97cf8f79f3e9d344f9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c9545642c3cb54cfae6524a01c8b8b1ac7a649f5904cd3094c5dab660e2e1fb4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0318131B1860385EE599B29E4952B923A1AF84BA4F585133DEEE477F6DE3CE494C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_bad_character_count' cannot be deleted$attribute '_bad_character_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-2709777744
                                                                                                                                                                                                              • Opcode ID: 0a8deb7bba0982ceee5541df8d7f547f9e26c4f321831da528084400a8c74a96
                                                                                                                                                                                                              • Instruction ID: 88412dd0c050d82edd9fe98bad1c3129aa0c02ef571c9df3f869fcb75f23d99b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a8deb7bba0982ceee5541df8d7f547f9e26c4f321831da528084400a8c74a96
                                                                                                                                                                                                              • Instruction Fuzzy Hash: C9317421F0860382EA559B29E45527923A1AF44F98F585133DADE477F6DE2CE8D4C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • 'SuspiciousDuplicateAccentPlugin' object attribute '_character_count' cannot be deleted, xrefs: 00007FFE0E16641C
                                                                                                                                                                                                              • attribute '_character_count' of 'SuspiciousDuplicateAccentPlugin' undefined, xrefs: 00007FFE0E1663A8
                                                                                                                                                                                                              • int, xrefs: 00007FFE0E1664A8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'SuspiciousDuplicateAccentPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-543361526
                                                                                                                                                                                                              • Opcode ID: 1b5adbfa0cdd2187a0ff121358cf98124d3a6b6387f47449d713c69e28775f50
                                                                                                                                                                                                              • Instruction ID: 983da4f4d559d85e54fbab3336228b3fb0ddcafadefe7a19fb61722a3045b71f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1b5adbfa0cdd2187a0ff121358cf98124d3a6b6387f47449d713c69e28775f50
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 80318671B08A0382EE559B19E45527923A1AF44FD4F585233DADD477F6DF2CE494C300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'ArabicIsolatedFormPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'ArabicIsolatedFormPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-3970786323
                                                                                                                                                                                                              • Opcode ID: 30c6596cac687337ac68ed62e1e1697e2138cd721bad49d97c4c2d8ecaa08873
                                                                                                                                                                                                              • Instruction ID: 9940facf22372d687c1d4a3ced01202bc7f029f3cf0005d8317843c5ca24518a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 30c6596cac687337ac68ed62e1e1697e2138cd721bad49d97c4c2d8ecaa08873
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DA319221F0860381EE58DB29E4542B963A1AF44B94F585133DAED477F6DF3CE894C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_foreign_long_count' cannot be deleted$attribute '_foreign_long_count' of 'SuperWeirdWordPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-3135691889
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'TooManyAccentuatedPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'TooManyAccentuatedPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-2022335554
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • 'TooManySymbolOrPunctuationPlugin' object attribute '_character_count' cannot be deleted, xrefs: 00007FFE0E16527C
                                                                                                                                                                                                              • attribute '_character_count' of 'TooManySymbolOrPunctuationPlugin' undefined, xrefs: 00007FFE0E165208
                                                                                                                                                                                                              • int, xrefs: 00007FFE0E165308
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_character_count' cannot be deleted$attribute '_character_count' of 'TooManySymbolOrPunctuationPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-4240200891
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              • attribute '_character_count_since_last_sep' of 'ArchaicUpperLowerPlugin' undefined, xrefs: 00007FFE0E1685D8
                                                                                                                                                                                                              • 'ArchaicUpperLowerPlugin' object attribute '_character_count_since_last_sep' cannot be deleted, xrefs: 00007FFE0E16864C
                                                                                                                                                                                                              • int, xrefs: 00007FFE0E1686D8
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'ArchaicUpperLowerPlugin' object attribute '_character_count_since_last_sep' cannot be deleted$attribute '_character_count_since_last_sep' of 'ArchaicUpperLowerPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-2037488444
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'CjkInvalidStopPlugin' object attribute '_wrong_stop_count' cannot be deleted$attribute '_wrong_stop_count' of 'CjkInvalidStopPlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-420147485
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'UnprintablePlugin' object attribute '_unprintable_count' cannot be deleted$attribute '_unprintable_count' of 'UnprintablePlugin' undefined$int
                                                                                                                                                                                                              • API String ID: 1450464846-2997357838
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$FromLong_Ssize_t$ContainsNumber_Object_Set_Vectorcall
                                                                                                                                                                                                              • String ID: bool$feed
                                                                                                                                                                                                              • API String ID: 3415927029-2849697477
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                • Part of subcall function 00007FFE01321250: ERR_new.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFE013227C0), ref: 00007FFE01321315
                                                                                                                                                                                                                • Part of subcall function 00007FFE01321250: ERR_set_debug.LIBCRYPTO-3(?,?,?,?,00000020,?,?,00007FFE013227C0), ref: 00007FFE01321333
                                                                                                                                                                                                              • OPENSSL_cleanse.LIBCRYPTO-3 ref: 00007FFE01322A06
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: L_cleanseR_newR_set_debug
                                                                                                                                                                                                              • String ID: $ $0$extended master secret$master secret
                                                                                                                                                                                                              • API String ID: 4043487175-741269486
                                                                                                                                                                                                              • Opcode ID: c65b08be177fd7869ca45c074d80b9fa8f3cbf3986bc84b7f06dd16b9f883214
                                                                                                                                                                                                              • Instruction ID: b8de1a3061e163caa358bf5df62d28c918bd1edede791ac026e1b4f1989c12a6
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c65b08be177fd7869ca45c074d80b9fa8f3cbf3986bc84b7f06dd16b9f883214
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3E414972618B8186E724DB25F84039AB7E4FB89784F544135EACC47BA9EF7CD156CB00
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_clear_flagsO_set_flags
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$ossl_statem_client_read_transition
                                                                                                                                                                                                              • API String ID: 3946675294-211585089
                                                                                                                                                                                                              • Opcode ID: 1ec53698299ae21b2aeb9b7de68607946c7bd6d4356d386d45f1560bd026f1ef
                                                                                                                                                                                                              • Instruction ID: f06c5db216b4c41ac435dc5888542c39af83b6cc19822b2a78e9385e04c630a8
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1ec53698299ae21b2aeb9b7de68607946c7bd6d4356d386d45f1560bd026f1ef
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8131C832B1C683C6EB54DB65D4547BC2792EB89FC8F598435D64D8B7A6CE2CD4818700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\statem_clnt.c$tls_process_initial_server_flight
                                                                                                                                                                                                              • API String ID: 193678381-3302312727
                                                                                                                                                                                                              • Opcode ID: e178fc634d7bef24930e7a78444d9cca761df507a521c119d82d6d9cd1cd4460
                                                                                                                                                                                                              • Instruction ID: ab17a6355c08f31aa96304418bcd1fada03ad6b35ba60883976bdd55325dc7b3
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e178fc634d7bef24930e7a78444d9cca761df507a521c119d82d6d9cd1cd4460
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9721C3A1F1824381FB54AB62D8567F82260AF85B85FC95131CD0C4E6F5EE2CE5908310
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_errorX_set0_default$conf_ssl_get_cmdconf_ssl_name_find
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_mcnf.c$ssl_do_config
                                                                                                                                                                                                              • API String ID: 4067701900-1861514004
                                                                                                                                                                                                              • Opcode ID: eb7f5ce3cd819bc976cc8b5103d6e9ef9d2776f7d1b349020b5935d7bf73c850
                                                                                                                                                                                                              • Instruction ID: 590871fdf9a30c3f9feb798731a447d8179cb8a9a05966a15ba6e3bc1d67053a
                                                                                                                                                                                                              • Opcode Fuzzy Hash: eb7f5ce3cd819bc976cc8b5103d6e9ef9d2776f7d1b349020b5935d7bf73c850
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 07110863F09283D2FB14AB927D01EFA2101AF917C4F529034FE0D0E7A2DE2CA54A8700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2819143443-0
                                                                                                                                                                                                              • Opcode ID: a2940731464092880fead3b6b8e13728646169a8eb588e9128c4e4a0de4d0ab5
                                                                                                                                                                                                              • Instruction ID: 90555d04b97ad9ca74757634069db4dbaa5125a29d03046c03023ece61a165d5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a2940731464092880fead3b6b8e13728646169a8eb588e9128c4e4a0de4d0ab5
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 05211D35A08643C1EB154F65E84837822A2FF48FB9F954632C9EE4A2F5CF7CE4858340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083454900.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12e10000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Err_List_StringThread_allocate_lock
                                                                                                                                                                                                              • String ID: can't allocate lock
                                                                                                                                                                                                              • API String ID: 214698565-1504453919
                                                                                                                                                                                                              • Opcode ID: d94c3e7382fc6bdb3565522f2238be69152e9bb73497608510765ad1451ebbd6
                                                                                                                                                                                                              • Instruction ID: 03626bac3546675fcfe44057cd24d7af8f1b755ac6683abe7552f5453dc8ba80
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d94c3e7382fc6bdb3565522f2238be69152e9bb73497608510765ad1451ebbd6
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3D113CB1A09F1281EB669F32EC1437B23E0FF08B24F0440B9C94E422A4DFBCA454A316
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _PyArg_CheckPositional.PYTHON312 ref: 00007FFDFF193607
                                                                                                                                                                                                              • _PyArg_BadArgument.PYTHON312 ref: 00007FFDFF19363A
                                                                                                                                                                                                                • Part of subcall function 00007FFDFF1911B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFF1911E2
                                                                                                                                                                                                                • Part of subcall function 00007FFDFF1911B0: PyUnicode_CompareWithASCIIString.PYTHON312 ref: 00007FFDFF1911FA
                                                                                                                                                                                                                • Part of subcall function 00007FFDFF1911B0: PyType_IsSubtype.PYTHON312 ref: 00007FFDFF19121D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_CompareStringUnicode_With$ArgumentCheckPositionalSubtypeType_
                                                                                                                                                                                                              • String ID: argument 1$argument 2$normalize$str
                                                                                                                                                                                                              • API String ID: 4101545800-1320425463
                                                                                                                                                                                                              • Opcode ID: 2dbf24b9019d36270aeee854f5eb720b9aec5d3fd397e623ab08701816bde558
                                                                                                                                                                                                              • Instruction ID: f887029c2857523fec3592948afae7470375e4444310f85585d81deae82bb1eb
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2dbf24b9019d36270aeee854f5eb720b9aec5d3fd397e623ab08701816bde558
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B6113C62F0868290FB708F16E860AB52360AB14FC8F588232D93D577DCDF2CD685D780
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                              • String ID: argument 1$argument 2$is_normalized$str
                                                                                                                                                                                                              • API String ID: 3876575403-184702317
                                                                                                                                                                                                              • Opcode ID: ed7039aedf8594f44b2dcd06c7a3654b924861e91dfb93c4f465d606fbcafc7c
                                                                                                                                                                                                              • Instruction ID: c844a5a86dee9740f14a60314e7af3f2f771e153115df3c58586ccdcff427359
                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed7039aedf8594f44b2dcd06c7a3654b924861e91dfb93c4f465d606fbcafc7c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9A015E66F0868AD4EB648F06E4A0EB52360AB15FC8F54C131D93D476DCDF2CD595C380
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_early_data
                                                                                                                                                                                                              • API String ID: 193678381-408386505
                                                                                                                                                                                                              • Opcode ID: 834e06002fd48ab0d836dcc656642cb03cadb7f568b0afd511e59dad598126ac
                                                                                                                                                                                                              • Instruction ID: 49426281b5b2c0a3609ef29759078106583f322b75693507b26e6afe4f74b8c9
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 834e06002fd48ab0d836dcc656642cb03cadb7f568b0afd511e59dad598126ac
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 25018C61E09283D3F751A760D8593F86254EF84390F969031D50C4E6FADF2CFA92C650
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyLong_FromSsize_t.PYTHON312 ref: 00007FFE0E1617A8
                                                                                                                                                                                                              • PyLong_FromSsize_t.PYTHON312 ref: 00007FFE0E1617D4
                                                                                                                                                                                                              • PyNumber_Remainder.PYTHON312 ref: 00007FFE0E1617F1
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312 ref: 00007FFE0E161808
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312 ref: 00007FFE0E16181C
                                                                                                                                                                                                              • _Py_Dealloc.PYTHON312 ref: 00007FFE0E16187A
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E163600: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFE0E1614D8), ref: 00007FFE0E163609
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E163600: fprintf.MSPDB140-MSVCRT ref: 00007FFE0E163619
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E163600: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFE0E1614D8), ref: 00007FFE0E163623
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E163600: fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,00007FFE0E1614D8), ref: 00007FFE0E16362C
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E163600: abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,00007FFE0E1614D8), ref: 00007FFE0E163632
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$FromLong_Ssize_t__acrt_iob_func$Number_Remainderabortfflushfprintf
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1333916573-0
                                                                                                                                                                                                              • Opcode ID: 8977eaca8314d9d3d27616ef656f1e2f985b954957d55daa68532bb1b1c2d0e8
                                                                                                                                                                                                              • Instruction ID: 8940a643030f9f1ef949dfb5131c61203163ead07fc02239955849feb33df80b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8977eaca8314d9d3d27616ef656f1e2f985b954957d55daa68532bb1b1c2d0e8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3341B631F0E64792EA694B16E50427863A1AF44BE4F085132DEDD4B7FADF3CE4818700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: X509_get0_pubkeyY_get_security_bits$X509_get_extension_flagsX509_get_signature_info
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3836818763-0
                                                                                                                                                                                                              • Opcode ID: 881e7ae5a45f0a571fb5a722c38be3c32f9cab0c888addf428be226d2df2081b
                                                                                                                                                                                                              • Instruction ID: 3f104307a04cf570fc6f925bdf71d67cf0dd19733b75251f72c7e69c0be74b7f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 881e7ae5a45f0a571fb5a722c38be3c32f9cab0c888addf428be226d2df2081b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: CD418232B0C38285FB64AA52A401BFA5681BFA6784F595035FD4D5FBE6DF3CE5009B01
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$FromLong_Ssize_t$Number_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4245833954-0
                                                                                                                                                                                                              • Opcode ID: 3d75707379a5c1ecabd5fc02489d298cf67ed3deecd356013b1f50cd519089ed
                                                                                                                                                                                                              • Instruction ID: ee120678cdab2f0c4348ed67847be88ae9b6e148da197dceb869cc52b297b9f5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3d75707379a5c1ecabd5fc02489d298cf67ed3deecd356013b1f50cd519089ed
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2F317232F0AA4396FE558B16E55437822A1AF45BE4F485136DADE477F6DF3CE4428300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$FromLong_Ssize_t$MultiplyNumber_
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3214704217-0
                                                                                                                                                                                                              • Opcode ID: 865691bb87fa8bdd9d11e4cda093a0317fc21eb7cf7633484d02a7f5a0611d10
                                                                                                                                                                                                              • Instruction ID: 4f8ce9fe32c01ebbbc6a2aed8eb4f64d3d1b56b2f333d7311d938aff24bdc3df
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 865691bb87fa8bdd9d11e4cda093a0317fc21eb7cf7633484d02a7f5a0611d10
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E731A336F0E60392EB154B16A55437862A1AF49BE4F4C1132DAEE477F7EE7CE4818300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$FromLong_Ssize_t$Number_Subtract
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2424657569-0
                                                                                                                                                                                                              • Opcode ID: 799374b935a721ad0657f914fdf788956c05a02a509a8bc7f8fcbf1ea88fddaf
                                                                                                                                                                                                              • Instruction ID: 10a71247b0bf183f5856761a0e6d0b7e4f65b0b6f707a2002292fdd7219c6c33
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 799374b935a721ad0657f914fdf788956c05a02a509a8bc7f8fcbf1ea88fddaf
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4A3191B2B0A64396EB184B15A514238A3A1EF46BD8F081532DADF477F6DF3CE4418701
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String$Unicode_
                                                                                                                                                                                                              • String ID: Python int too large to convert to C ssize_t$string index out of range
                                                                                                                                                                                                              • API String ID: 2250126396-644864186
                                                                                                                                                                                                              • Opcode ID: d109e9f805998f159cba6923707cb466a77f346eafe8f3a912516546054ed57e
                                                                                                                                                                                                              • Instruction ID: 19e8425acc123a69c50fa2a3d459dc4fd2a0af252ce84ff4445df8cbe5207fae
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d109e9f805998f159cba6923707cb466a77f346eafe8f3a912516546054ed57e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 54417466B09902C6EF248B1AC4D127927A1FBDCB58FD8503ACACE437A2DE2DD546C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: division by zero
                                                                                                                                                                                                              • API String ID: 1450464846-3764743415
                                                                                                                                                                                                              • Opcode ID: fddef638cd66fc2c4a11be3bdb592afde648f9499e3343a59f2f4b9a22b98bc2
                                                                                                                                                                                                              • Instruction ID: 5bc357695b2a08652bb1ef9835fde20eaf33ff817c7b1812b5e2d7cfc5637800
                                                                                                                                                                                                              • Opcode Fuzzy Hash: fddef638cd66fc2c4a11be3bdb592afde648f9499e3343a59f2f4b9a22b98bc2
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BE21A721B08A0386FE158B29A54423852A29F84BE0F1C5332DAFE063F6EF3CE4958200
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentSubtypeType_
                                                                                                                                                                                                              • String ID: a unicode character$argument$east_asian_width
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4195104747-217463007
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4195104747-217463007
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$AttrObject_PackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4195104747-217463007
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DoubleErr_Float_FromNumericStringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: not a numeric character
                                                                                                                                                                                                              • API String ID: 1034370217-2058156748
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DecimalDigitErr_FromLongLong_StringSubtypeType_Unicode_
                                                                                                                                                                                                              • String ID: not a decimal
                                                                                                                                                                                                              • API String ID: 3750391552-3590249192
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debugR_set_error
                                                                                                                                                                                                              • String ID: ..\s\ssl\ssl_lib.c$SSL_set_ct_validation_callback
                                                                                                                                                                                                              • API String ID: 1552677711-4238296029
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                              • String ID: a unicode character$argument 1$name
                                                                                                                                                                                                              • API String ID: 3876575403-4190364640
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                              • String ID: a unicode character$argument 1$numeric
                                                                                                                                                                                                              • API String ID: 3876575403-2385192657
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$ArgumentCheckPositional
                                                                                                                                                                                                              • String ID: a unicode character$argument 1$decimal
                                                                                                                                                                                                              • API String ID: 3876575403-2474051849
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>$]
                                                                                                                                                                                                              • API String ID: 4228545439-2701914909
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_ArgumentErr_Occurred
                                                                                                                                                                                                              • String ID: a unicode character$argument$mirrored
                                                                                                                                                                                                              • API String ID: 3979797681-4001128513
Memory Dump Source
• Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
Similarity
• API ID: Arg_ArgumentErr_Occurred
• String ID: a unicode character$argument$combining
Memory Dump Source
• Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
Similarity
• API ID: Mem_$Capsule_Err_FreeMallocMemory
• String ID: unicodedata._ucnhash_CAPI
Memory Dump Source
• Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
Similarity
• API ID: R_newR_set_debugR_set_error
• String ID: ..\s\ssl\t1_lib.c$SSL_CTX_set_tlsext_max_fragment_length
Memory Dump Source
• Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
Similarity
• API ID: R_newR_set_debugR_set_error
• String ID: ..\s\ssl\ssl_lib.c$ssl_bad_method
Memory Dump Source
• Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
Similarity
• API ID: Dealloc$BoolCompareObject_Rich
• String ID:
Memory Dump Source
• Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocFromLong_Ssize_t$BoolCompareObject_Rich
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 4107546884-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3617616757-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083454900.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083434753.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083473519.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083499244.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083524050.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12e10000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$ClearDeallocRefsThread_free_lockThread_release_lockTrackWeak
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 778659985-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_State_ThreadTrackTrash_beginTrash_condTrash_endUnchecked
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3074927763-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_Unicode_
                                                                                                                                                                                                              • String ID: gfffffff
                                                                                                                                                                                                              • API String ID: 3285369508-1523873471
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.SuperWeirdWordPlugin$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-371468285
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.ArchaicUpperLowerPlugin$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-353558827
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: O_indentO_printf
                                                                                                                                                                                                              • String ID: %s (%d)$UNKNOWN
                                                                                                                                                                                                              • API String ID: 1860387303-2251275378
                                                                                                                                                                                                              • Opcode ID: a6b6a6df7af930050c1c9ecaa713cb2278706dcd97de78112f4413c0d46a13d3
                                                                                                                                                                                                              • Instruction ID: 04c2c9b9727cf9e8263ee4c8de2627a4d0b3df6bdb4f73c78897d91348e9d36b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: a6b6a6df7af930050c1c9ecaa713cb2278706dcd97de78112f4413c0d46a13d3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E121D733B0879585E715AB56B8006BAEB91FB55BE4F598031DE8C47B69DE3CE482C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.TooManySymbolOrPunctuationPlugin$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-3280324660
                                                                                                                                                                                                              • Opcode ID: 34c37a21f8e8a76e64af709d1bc2c0f9c259c514d61ec9c3c93263cc204f1b65
                                                                                                                                                                                                              • Instruction ID: 55a99ee7552a8a6009a055ba88d1aa61865cbbee40e17ce43143b1a078715d2b
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 34c37a21f8e8a76e64af709d1bc2c0f9c259c514d61ec9c3c93263cc204f1b65
                                                                                                                                                                                                              • Instruction Fuzzy Hash: EF31F671A09A4285EB508F29E84436973B5FB88F88F944536CADC87779EF3DE994C340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.SuspiciousDuplicateAccentPlugin$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-1506521901
                                                                                                                                                                                                              • Opcode ID: f5d1b53c5cb99fc0084e8751485b03dbb23348a67676bce07752ff5530285c5a
                                                                                                                                                                                                              • Instruction ID: 78cfa6588ffacfc33054b077df23ec83b2f900d37849597f39554335394c4bf5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f5d1b53c5cb99fc0084e8751485b03dbb23348a67676bce07752ff5530285c5a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44310B31A09A4286EB508F29E84026973B6FB48B88F944936DECD87779EF3DE551C740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.SuspiciousRange$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-880397153
                                                                                                                                                                                                              • Opcode ID: 97f1ce22e347045dbd1aad3c7220bb95547e4fc2f769c4f77086c94ee5c29ebb
                                                                                                                                                                                                              • Instruction ID: 8b548c6bd877c8216ca7de5021f9b265894b896e0c65846c547af34294000a05
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 97f1ce22e347045dbd1aad3c7220bb95547e4fc2f769c4f77086c94ee5c29ebb
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 09311671A09B4285EB40CF29E84426963B1FB88F88F944536DADD87379EF3DE951C740
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_construct_stoc_renegotiate
                                                                                                                                                                                                              • API String ID: 0-2728901138
                                                                                                                                                                                                              • Opcode ID: cf738bbd052664f1972163c08f32e3213573d88c1c7d60971618b95c7380825e
                                                                                                                                                                                                              • Instruction ID: d1e8f5938b2146878a025b73922a594f7fe2926b692714c4b94ce95d8afd2c00
                                                                                                                                                                                                              • Opcode Fuzzy Hash: cf738bbd052664f1972163c08f32e3213573d88c1c7d60971618b95c7380825e
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94216D51F582C382FB58A722A9017BA5291EFC57C8F891034EE0D4FAE6DE2DE991D304
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3077305025.00007FFE101D1000.00000020.00000001.01000000.0000001B.sdmp, Offset: 00007FFE101D0000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe101d0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: _wassertmemcpy
                                                                                                                                                                                                              • String ID: hs->curlen < BLOCK_SIZE$src/SHA1.c
                                                                                                                                                                                                              • API String ID: 785382960-330188172
                                                                                                                                                                                                              • Opcode ID: c0c0089d6db84a754a9f4dd4ff2d59823096eb03f0e69a83426b2c5603fec51d
                                                                                                                                                                                                              • Instruction ID: 9626ae31ecfee111ab5a5253190623193f3f30264dafe496b15316b2cfb22b8d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: c0c0089d6db84a754a9f4dd4ff2d59823096eb03f0e69a83426b2c5603fec51d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DC21C721B04A5187FB148F1AE1483BD7761FF98BA8F148076EB9D07B69CE3CD8818740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.ArabicIsolatedFormPlugin$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-1141011871
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.CjkInvalidStopPlugin$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-2610960353
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.UnprintablePlugin$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-116036081
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: __init__$charset_normalizer.md.TooManyAccentuatedPlugin$interpreted classes cannot inherit from compiled
                                                                                                                                                                                                              • API String ID: 1450464846-2999409259
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: SubtypeType_
                                                                                                                                                                                                              • String ID: charset_normalizer.md.MessDetectorPlugin$eligible$str
                                                                                                                                                                                                              • API String ID: 2891779845-1291782451
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_String
                                                                                                                                                                                                              • String ID: 'SuspiciousRange' object attribute '_last_printable_seen' cannot be deleted$str or None
                                                                                                                                                                                                              • API String ID: 1259552197-1971554219
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_String
                                                                                                                                                                                                              • String ID: 'ArchaicUpperLowerPlugin' object attribute '_last_alpha_seen' cannot be deleted$str or None
                                                                                                                                                                                                              • API String ID: 1259552197-1607602726
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_String
                                                                                                                                                                                                              • String ID: 'SuspiciousDuplicateAccentPlugin' object attribute '_last_latin_character' cannot be deleted$str or None
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_String
                                                                                                                                                                                                              • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_last_printable_char' cannot be deleted$str or None
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083454900.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083434753.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083473519.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083499244.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083524050.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12e10000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Arg_$KeywordsModulePositionalType_
                                                                                                                                                                                                              • String ID: SimpleQueue
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: SubtypeType_
                                                                                                                                                                                                              • String ID: charset_normalizer.md.MessDetectorPlugin$feed$str
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_buffer' cannot be deleted$str
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_FormatMethodObject_Vectorcall
                                                                                                                                                                                                              • String ID: bool$eligible
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_FormatMethodObject_Vectorcall
                                                                                                                                                                                                              • String ID: bool$eligible
                                                                                                                                                                                                              • API String ID: 2503426208-3320767611
                                                                                                                                                                                                              • Opcode ID: 1296c0de5791415746ce132a4b3d3335ee2db6ba2a94c34b2a423235d41a41be
                                                                                                                                                                                                              • Instruction ID: 22e18363d3ed371758814d8cb34277bbe0512c31b789dace9f4f37c8d5b8c215
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 1296c0de5791415746ce132a4b3d3335ee2db6ba2a94c34b2a423235d41a41be
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2E111221E1DA4381FB508B15F4857B923B1EF44B84F585037D9DD466B6DE7CD480C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocErr_FormatMethodObject_Vectorcall
                                                                                                                                                                                                              • String ID: bool$eligible
                                                                                                                                                                                                              • API String ID: 2503426208-3320767611
                                                                                                                                                                                                              • Opcode ID: 9c7eda569192ff39cea24a6dc0993c6155055cdb069a02d3fbe1c0f3014e145a
                                                                                                                                                                                                              • Instruction ID: b41f4de4aa130b16346145e754ce2b93ab8a9796157fa7655995461e8521e140
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9c7eda569192ff39cea24a6dc0993c6155055cdb069a02d3fbe1c0f3014e145a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 96110061E49A4381FB918B55E8456B923A1EF48FC4F585037D9DD06676DE3DE580C700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyErr_SetString.PYTHON312(?,?,?,?,?,00007FFDFF191EDC), ref: 00007FFDFF193B35
                                                                                                                                                                                                                • Part of subcall function 00007FFDFF191FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFF192008
                                                                                                                                                                                                                • Part of subcall function 00007FFDFF191FD0: strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FFDFF192026
                                                                                                                                                                                                              • PyErr_Format.PYTHON312 ref: 00007FFDFF191F53
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_strncmp$FormatString
                                                                                                                                                                                                              • String ID: name too long$undefined character name '%s'
                                                                                                                                                                                                              • API String ID: 3882229318-4056717002
                                                                                                                                                                                                              • Opcode ID: 715c9f25760f3b51f9c773b91e4e06c178d711229799cf52a99adf42e7180ef0
                                                                                                                                                                                                              • Instruction ID: 177ca7e0fa09c3058e01ecb30233e51f165761acb078e980a549715db345b76c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 715c9f25760f3b51f9c773b91e4e06c178d711229799cf52a99adf42e7180ef0
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0411D067F18947D1FB108F14E8A49B463A1FB58B8CF844631CA3D562E8DF6DD14AC740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4228545439-217463007
                                                                                                                                                                                                              • Opcode ID: 2d2a708b7e9c6b170cf23d4e9e57733a10fd2dd485d4ae2f5aebed7292d3d817
                                                                                                                                                                                                              • Instruction ID: e09246fcf2d880f3d9434adfd483a4aeda172b7069183e6abb3ce6f2d9ae03b5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d2a708b7e9c6b170cf23d4e9e57733a10fd2dd485d4ae2f5aebed7292d3d817
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9E014666A0AA03C1FB118B95E80527926B2BF44F95F54443BCEEE073B1DE3EA5829300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4228545439-217463007
                                                                                                                                                                                                              • Opcode ID: b2ba9a2f798fd699df9441c6f28f85d20e0b661e3dd300c4fa9b1b2e8ef2f55c
                                                                                                                                                                                                              • Instruction ID: 2493f3c0a99a9bef7198ebbd57d59e8cb46010e14a1b87a8359d9bcd39473a2e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2ba9a2f798fd699df9441c6f28f85d20e0b661e3dd300c4fa9b1b2e8ef2f55c
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E2012866E09603C1FB118B54E80027927B2AF45F95F544437C9DD077B0DE3DA482D301
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4228545439-217463007
                                                                                                                                                                                                              • Opcode ID: d90500b538360b9f4c8925838418195ca52a43c8141611b3de03614b2d65dea3
                                                                                                                                                                                                              • Instruction ID: 121ee267b7a3a2601db351ebf009a8fb8c1898212d5bf7d1ff090c0605816e7d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: d90500b538360b9f4c8925838418195ca52a43c8141611b3de03614b2d65dea3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: AB014BA6B0A643C5FB118B55E8052B922B1AF44F95F44443BC9DE073B0EE3DA9829301
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4228545439-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4228545439-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4228545439-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4228545439-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc$Object_Vectorcall
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 1057673266-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$DeallocErr_$ArgsAttrCallInstanceObjectOccurred
                                                                                                                                                                                                              • String ID: ratio
                                                                                                                                                                                                              • API String ID: 1598006454-4234197119
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_Format
                                                                                                                                                                                                              • String ID: %s object expected; and errored formatting real type!$%s object expected; got %U
                                                                                                                                                                                                              • API String ID: 376477240-2630277986
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_ItemPackTuple_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 4228545439-217463007
                                                                                                                                                                                                              • Opcode ID: 8bb8d63364f4d9428e518a68665cdadee7b3ff0199c2f6f68ad00a64bf7896fa
                                                                                                                                                                                                              • Instruction ID: b8f329f296ef58185504b4074dde2782716a215183c59e0440325c3cdb911add
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8bb8d63364f4d9428e518a68665cdadee7b3ff0199c2f6f68ad00a64bf7896fa
                                                                                                                                                                                                              • Instruction Fuzzy Hash: A1F05E66F0D64381FB128B54E8442792671AF04F95F404437DAED063B1EE7EAA82E700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
• Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
• Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_newR_set_debug
                                                                                                                                                                                                              • String ID: ..\s\ssl\statem\extensions_srvr.c$tls_parse_ctos_ems
                                                                                                                                                                                                              • API String ID: 193678381-2230499117
                                                                                                                                                                                                              • Opcode ID: b2ab34396721f5f91c47442cae922e5ad8c9b103f6bec6afc967abf81ba9423b
                                                                                                                                                                                                              • Instruction ID: eb792cc2941ad5355fef1f8dfb5b3ad48ef37f07774d0a2dda3ca4e1c28fca5d
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b2ab34396721f5f91c47442cae922e5ad8c9b103f6bec6afc967abf81ba9423b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: BEF0BE62F0A2C387F754E7A0E4497E86650EF80344F995030D50C8A6F7DF2CAAE68710
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
• Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: strncmp
                                                                                                                                                                                                              • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                                              • API String ID: 1114863663-87138338
                                                                                                                                                                                                              • Opcode ID: 2595fa2025d07ddf98b647c638fd1ed7edd11107ba76c08aad6fbc153bf9cbc4
                                                                                                                                                                                                              • Instruction ID: 8124747f1ef9186fdb9c2029c3d184fdcc8ed563673ecef7e44e62367f4d43ac
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2595fa2025d07ddf98b647c638fd1ed7edd11107ba76c08aad6fbc153bf9cbc4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: B561C573F1868246F7748E15A820A7A6352FB90B98F444335EA7D876DDDFBCE5018780
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Dealloc
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3617616757-0
                                                                                                                                                                                                              • Opcode ID: de20fd91dbdfff6491d49064e48c38d0f3711318e14f451e7bcc6ada253c0b05
                                                                                                                                                                                                              • Instruction ID: cce48cfd363ad79cb48c6d242996aedb697d354678baa86ac5996ac76f152615
                                                                                                                                                                                                              • Opcode Fuzzy Hash: de20fd91dbdfff6491d49064e48c38d0f3711318e14f451e7bcc6ada253c0b05
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1D21A472D0960681EBA58F78D94837832A4FF69B3DF255336CAFD411E28F7E95868340
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
• Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
• Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              • Opcode ID: 72bede81ece5e2e392027b9a3fb7c5a8727f1bec05a0bf030ff1659b91ba639d
                                                                                                                                                                                                              • Instruction ID: a5d2c0d3ae78cea3af4d43dfa1920f95ea712dacc2c97947f877a0cb2e209281
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 72bede81ece5e2e392027b9a3fb7c5a8727f1bec05a0bf030ff1659b91ba639d
                                                                                                                                                                                                              • Instruction Fuzzy Hash: DD112E26B14F0189EB10CF60E8656B933A4FB19B58F440E31DA7D86BE8DF78D168C380
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
• Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
• Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3083454900.00007FFE12E11000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FFE12E10000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083434753.00007FFE12E10000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083473519.00007FFE12E13000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083499244.00007FFE12E15000.00000004.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3083524050.00007FFE12E16000.00000002.00000001.01000000.0000000F.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe12e10000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2933794660-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: X509_$E_add_lookupP_ctrl_exR_pop_to_markR_set_mark
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 3663983608-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$ArgsCallDeallocErr_InstanceObject
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 469999563-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: L_sk_dupL_sk_freeL_sk_set_cmp_funcL_sk_sort
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1312970346-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: X_free
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 2268491255-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075897811.00007FFE012F1000.00000020.00000001.01000000.00000013.sdmp, Offset: 00007FFE012F0000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075871905.00007FFE012F0000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075897811.00007FFE01372000.00000020.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076057610.00007FFE01374000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076084155.00007FFE0139C000.00000004.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A1000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013A7000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076104701.00007FFE013AF000.00000002.00000001.01000000.00000013.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe012f0000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: R_new$L_sk_new_nullL_sk_push
                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                              • API String ID: 1838660387-0
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • PyType_IsSubtype.PYTHON312 ref: 00007FFE0E16967B
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E163870: PyErr_Format.PYTHON312 ref: 00007FFE0E1638A4
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: PyThreadState_Get.PYTHON312 ref: 00007FFE0E163912
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: PyErr_Fetch.PYTHON312 ref: 00007FFE0E16392A
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: PyCode_NewEmpty.PYTHON312 ref: 00007FFE0E16393D
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: PyFrame_New.PYTHON312 ref: 00007FFE0E163957
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: _Py_Dealloc.PYTHON312 ref: 00007FFE0E163972
                                                                                                                                                                                                                • Part of subcall function 00007FFE0E1638F0: _PyErr_ChainExceptions1.PYTHON312 ref: 00007FFE0E16397D
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_$ChainCode_DeallocEmptyExceptions1FetchFormatFrame_State_SubtypeThreadType_
                                                                                                                                                                                                              • String ID: charset_normalizer.md.MessDetectorPlugin$reset
                                                                                                                                                                                                              • API String ID: 2783664582-4122180197
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocImportImport_
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 187899110-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: DeallocDict_Item
                                                                                                                                                                                                              • String ID: <module>
                                                                                                                                                                                                              • API String ID: 1953171116-217463007
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: String$Err_FromUnicode_
                                                                                                                                                                                                              • String ID: no such name
                                                                                                                                                                                                              • API String ID: 3678473424-4211486178
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'TooManySymbolOrPunctuationPlugin' object attribute '_frenzy_symbol_in_word' cannot be deleted$bool
                                                                                                                                                                                                              • API String ID: 1450464846-825057536
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$Dealloc$ArgsAttrCallErr_InstanceObject
                                                                                                                                                                                                              • String ID: feed
                                                                                                                                                                                                              • API String ID: 1069087923-591414443
                                                                                                                                                                                                              • Opcode ID: e206d12f590214aef32cb451402f2a2ffff22c1050b1ab95fdc68ab96929361f
                                                                                                                                                                                                              • Instruction ID: 69a2a7c681e3482fb27cff7195575806e8b6b556f93a673424895c5a83d75284
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e206d12f590214aef32cb451402f2a2ffff22c1050b1ab95fdc68ab96929361f
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8BF0F865E0D64781FA655B61E88927623A1AF89F84F041037CCDD477B6DE3CE5808700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$Dealloc$ArgsAttrCallErr_InstanceObject
                                                                                                                                                                                                              • String ID: ratio
                                                                                                                                                                                                              • API String ID: 1069087923-4234197119
                                                                                                                                                                                                              • Opcode ID: 8bfacd33d5e348d4e834a7e3b6b9482d8e6b37b9a4ce03c5ca4e5a97e96ef6fe
                                                                                                                                                                                                              • Instruction ID: 669f070689359877b2c27a91b2df9d6c00b0b01d545b1e72ac440b906845a337
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 8bfacd33d5e348d4e834a7e3b6b9482d8e6b37b9a4ce03c5ca4e5a97e96ef6fe
                                                                                                                                                                                                              • Instruction Fuzzy Hash: FEF0FE65E0964782FA159F65E80517523B1AF49F89F085037CDDD0B7B6DE3CE4808700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'ArchaicUpperLowerPlugin' object attribute '_buf' cannot be deleted$bool
                                                                                                                                                                                                              • API String ID: 1450464846-2595685569
                                                                                                                                                                                                              • Opcode ID: e38f0984c4c1611e1718bfb4cf09e8dd0e3f80a23a238c5ea0e4e88e53ca123b
                                                                                                                                                                                                              • Instruction ID: dc7de0892c6d23e72f7225439cc942f3d7391141f6ad7e4150073da763977d3e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e38f0984c4c1611e1718bfb4cf09e8dd0e3f80a23a238c5ea0e4e88e53ca123b
                                                                                                                                                                                                              • Instruction Fuzzy Hash: E4F01265F05A4391EE049729D8900742372BB54F65FE44233D5DC462F1EE2CE5DAC700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_is_current_word_bad' cannot be deleted$bool
                                                                                                                                                                                                              • API String ID: 1450464846-604167972
                                                                                                                                                                                                              • Opcode ID: 83cb8b1b7c5c35c383c729c79dacad1d61948158a82efc6481936f7382729eb3
                                                                                                                                                                                                              • Instruction ID: 80448ef1c5bf086b49ac294eb663d92cd8cea4f99f567d893a6174d0894238d5
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 83cb8b1b7c5c35c383c729c79dacad1d61948158a82efc6481936f7382729eb3
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5DF01265F05A4395EE049729D8900742372BB54F69FE44273D5DC462F1EE2CE59AC300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$Dealloc$ArgsAttrCallErr_InstanceObject
                                                                                                                                                                                                              • String ID: eligible
                                                                                                                                                                                                              • API String ID: 1069087923-1278981203
                                                                                                                                                                                                              • Opcode ID: 264c375cebad308eadaee1675b00cc9f17cece968e16bc31d6764a74fd8f3ee8
                                                                                                                                                                                                              • Instruction ID: 339e71a052da17ea21aa8ac3066646d7a22cfc43b2470d1cb5c10553d0429b21
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 264c375cebad308eadaee1675b00cc9f17cece968e16bc31d6764a74fd8f3ee8
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 44F01C65E0970781FB245B69E84927923B1AF98F98F041477CCDD073B6DE3CE4808740
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'ArchaicUpperLowerPlugin' object attribute '_current_ascii_only' cannot be deleted$bool
                                                                                                                                                                                                              • API String ID: 1450464846-1261582747
                                                                                                                                                                                                              • Opcode ID: 04ec57312041611f3602237787a26a0ad993ed45eab3d5a359d5bc00e9bd5bdc
                                                                                                                                                                                                              • Instruction ID: ca7a04b07500846211aa7ef22aa766dd6ad852372028eaaf5738f965f88ae4f4
                                                                                                                                                                                                              • Opcode Fuzzy Hash: 04ec57312041611f3602237787a26a0ad993ed45eab3d5a359d5bc00e9bd5bdc
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 16F012A5F06A4791EE049729D8900742372BF94FA5FE44633C5DC462F1EE2CE59AC700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$Dealloc$ArgsAttrCallErr_InstanceObject
                                                                                                                                                                                                              • String ID: reset
                                                                                                                                                                                                              • API String ID: 1069087923-1352515405
                                                                                                                                                                                                              • Opcode ID: e1017d9d7119e8ea7ad3f0d63ab2f21dba9bf6e94af08320ee0f94539e9f420a
                                                                                                                                                                                                              • Instruction ID: 57ee20b754e32466b4a9e7217c516f4b26f35edfd7221f7e8c5e2e0d0789d24c
                                                                                                                                                                                                              • Opcode Fuzzy Hash: e1017d9d7119e8ea7ad3f0d63ab2f21dba9bf6e94af08320ee0f94539e9f420a
                                                                                                                                                                                                              • Instruction Fuzzy Hash: F9F08CA1E0970381FB255B65E80827523B1AF88F85F081437CCDD073B2DE3CE4808700
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3076179419.00007FFE0E161000.00000020.00000001.01000000.00000026.sdmp, Offset: 00007FFE0E160000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076162871.00007FFE0E160000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076203057.00007FFE0E175000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076222120.00007FFE0E17B000.00000004.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3076241325.00007FFE0E17F000.00000002.00000001.01000000.00000026.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffe0e160000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Err_String
                                                                                                                                                                                                              • String ID: 'SuperWeirdWordPlugin' object attribute '_foreign_long_watch' cannot be deleted$bool
                                                                                                                                                                                                              • API String ID: 1450464846-232606992
                                                                                                                                                                                                              • Opcode ID: b10f09aaa386d01e9a7da5633371d89a74e4d2906a896bde21cb4e6847f018c4
                                                                                                                                                                                                              • Instruction ID: fbc5c855802adae80a90e239b277d60a1f8817fb9047a3e4234f5ad38280872e
                                                                                                                                                                                                              • Opcode Fuzzy Hash: b10f09aaa386d01e9a7da5633371d89a74e4d2906a896bde21cb4e6847f018c4
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1DF01CA5F09A4395FE049729D99007823B2BF94FA5FE44633C5EC466F1EE2CE59AC300
                                                                                                                                                                                                              APIs
                                                                                                                                                                                                              • _PyObject_GC_New.PYTHON312(?,?,00000000,00007FFDFF192533), ref: 00007FFDFF1925C6
                                                                                                                                                                                                              • PyObject_GC_Track.PYTHON312(?,?,00000000,00007FFDFF192533), ref: 00007FFDFF1925F8
                                                                                                                                                                                                              Strings
                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                              • Source File: 00000001.00000002.3075522267.00007FFDFF191000.00000020.00000001.01000000.00000027.sdmp, Offset: 00007FFDFF190000, based on PE: true
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075500097.00007FFDFF190000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF195000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF1F2000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF23E000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF242000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF247000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075558957.00007FFDFF29F000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075824238.00007FFDFF2A2000.00000004.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              • Associated: 00000001.00000002.3075852862.00007FFDFF2A4000.00000002.00000001.01000000.00000027.sdmp
                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                              • Snapshot File: hcaresult_1_2_7ffdff190000_rvigVjH6wf.jbxd
                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                              • API ID: Object_$Track
                                                                                                                                                                                                              • String ID: 3.2.0
                                                                                                                                                                                                              • API String ID: 16854473-1786766648
                                                                                                                                                                                                              • Opcode ID: f91d149df4c654f8be0df0ef2da4b36c9d06b56ee9d54162962ccaca08fa2000
                                                                                                                                                                                                              • Instruction ID: 66c81e909198a4f9f69123a980459b26f61387a134a5e5de7e3c1c85dafe368f
                                                                                                                                                                                                              • Opcode Fuzzy Hash: f91d149df4c654f8be0df0ef2da4b36c9d06b56ee9d54162962ccaca08fa2000
                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0BE0ED26F55B4291FB358F11E86446423F4BF08B08B540235CD7D02398EF7CE1A4C2C0